
IT Security Newsletter - 5/3/2022


Trends

CMS-based sites under attack: The latest threats and trends

Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, Sucuri's latest research report has revealed. "Unlike most compromises we see, skimming attacks are more often targeted rather than opportunistic," the company added, and said that they expect skimmers to play an even larger role in website infections in 2022.

Malware

Botnet that hid for 18 months boasted some of the coolest tradecraft ever

It's not the kind of security discovery that happens often. A previously unknown hacker group used a novel backdoor, top-notch tradecraft, and software engineering to create an espionage botnet that was largely invisible in many victim networks. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims' networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off.


Lockbit ransomware attack cripples parts of German library service

One of the largest library services in Germany, EKZ Bibliotheksservice, has been impacted by a ransomware attack that has left book lovers unable to rent and borrow eBooks, audio books, and electronic magazines. In an FAQ on its website, Reutlingen-based EKZ says it is currently trying to repair the damage caused by the attack, and identify if any personal data was stolen. For now, orders cannot be made online, and even orders submitted via email, fax or telephone cannot be completed at present.

Information Security

Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol

Deepfakes, left unchecked, are set to become the cybercriminals' next big weapon. Deepfake technology uses artificial intelligence techniques to alter existing or create new audio or audio-visual content. It has some non-malign purposes - such as satire and gaming - but is increasingly used by bad actors for bad purposes. And yet, in 2019, research from iProov showed that 72% of people were still unaware of deepfakes.


Mozilla: Lack of Security Protections in Mental-Health Apps Is 'Creepy'

While they have good intentions to foster mental health and spiritual wellness, the majority of mental-health and prayer apps can harm their users in other ways by exposing personal and intimate data due to a severe lack of security and privacy protections, researchers from Mozilla have found. Of 32 mental-health and prayer mobile apps investigated by the open-source organization, 28 were found to be inherently insecure and slapped with a "Privacy Not Included" label.

Exploits/Vulnerabilities

Aruba and Avaya network switches are vulnerable to RCE attacks

Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by Extreme Networks) that could allow malicious actors to execute code remotely on the devices. The damage caused by a successful attack ranges from data breach and complete device takeover to lateral movement and overriding network segmentation defenses.


Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library

Nozomi Networks, a firm specializing in securing operational technology (OT) and IoT systems, has disclosed a potentially serious vulnerability affecting a C standard library used by several major companies. The affected library is uClibc, which is designed for developing embedded Linux systems. According to the official uClibc website, the library is used by Linksys and Netgear for their wireless routers, and by Axis for its network cameras.

On This Date

  • ...in 1919, folk singer/songwriter Pete Seeger ("Where Have All the Flowers Gone?", "If I Had a Hammer") was born in Patterson, NY.
  • ...in 1935, late-night TV pitchman and inventor Ron Popeil, of Veg-O-Matic and Pocket Fisherman fame, was born in New York City.
  • ...in 1952, the Kentucky Derby was shown on national television for the first time.
  • ...in 2003, New Hampshire's famous "Old Man of the Mountain" rock formation collapsed in a rockslide.