IT Security Newsletter - 5/26/2023
Lazarus Group Striking Vulnerable Windows IIS Web Servers
The North Korean state-backed threat actor Lazarus Group has reinvented its ongoing espionage campaign by exploiting known vulnerabilities in unpatched Windows IIS Web servers to deploy its reconnaissance malware. Researchers with AhnLab Security Response Center (ASEC) reported that the latest round of espionage attacks used the Lazarus Group signature DLL side-loading technique during initial compromise.
Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised, company officials said. Point32Health said in a statement on its website Tuesday that a "cybersecurity ransomware incident" affecting its Harvard Pilgrim Health Care program was detected April 17.
BlackByte ransomware crew lists city of Augusta after cyber 'incident'
BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city's mayor has, so far, only called a cyber "incident." In a Wednesday statement about the "network outage" posted on the city's website, Augusta Mayor Garnett Johnson said the "technical difficulties" - which disrupted some of the city's computer systems - started on Sunday, May 21.
'Operation Magalenha' Attacks Give a Window Into Brazil's Cybercrime Ecosystem
Earlier this year, threat actors carried out a campaign to steal the personal and financial information of customers of Portuguese banks, including private and government institutions. Researchers from SentinelLabs branded it "Operation Magalenha," in a report published the morning of May 25. Magalenha is notable both for its payload, "PeepingTitle" - a multifunctional backdoor written in the Delphi programming language - and its scattershot approach to cyber espionage.
D-Link fixes auth bypass and RCE flaws in D-View 8 software
D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code. D-View is a network management suite developed by the Taiwanese networking solutions vendor D-Link, used by businesses of all sizes for monitoring performance, controlling device configurations, creating network maps, and generally making network management and administration more efficient and less time-consuming.
New Buhti ransomware uses leaked payloads and public exploits
A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities (e.g., the recently patched PaperCut and IBM Aspera Faspex flaws).
Predator: Looking under the hood of Intellexa's Android spyware
Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details. Predator is a commercial spyware for mobile platforms (iOS and Android) developed and sold by Israeli company Intellexa. The spyware family has been linked to surveillance operations targeting journalists, high-profile European politicians, and more.
Netflix's Password-Sharing Ban Offers Security Upsides
Netflix made waves this week after announcing that it would start the process of squelching password-sharing with people outside of one's specific household. While the news sparked dismay for the many who offer their parents, budget-minded friends, and adult children access to their Netflix streaming accounts, security experts note the move offers account protection upsides.
"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!
WordPress plugins are under fire once more, and you're advised to update your version of Beautiful Cookie Consent Banner as soon as possible. The plugin, which is installed on more than 40,000 sites, has been impacted by a "bizarre campaign" being actively used since at least February 5 of this year. The plugin is designed to present users with a cookie banner "without loading any external resources from third parties".
Zyxel Firewalls Hacked by Mirai Botnet
A Mirai botnet variant has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. The Taiwan-based networking device manufacturer informed customers about the security hole on April 25, when it announced the availability of patches for impacted ATP, VPN, USG Flex and ZyWALL/USG firewalls. The OS command injection vulnerability, found by Trapa Security, is caused by improper error message handling in some firewalls.
- ...in 1864, President Lincoln signs an act establishing the Montana Territory.
- ...in 1868, the U.S. Senate narrowly fails to convict President Andrew Johnson of the impeachment charges levied against him by the House.
- ...in 1953, "It Came from Outer Space", the first science fiction film to be screened in 3-D, debuts in Los Angeles.
- ...in 1959, Harvey Haddix of the Pittsburgh Pirates pitches 12 perfect innings against the Milwaukee Braves, only to lose the game.