
IT Security Newsletter - 5/4/2022


Top News

Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes it possible for hackers with access to the connection between an affected device and the Internet to poison DNS requests used to translate domains to IP addresses, researchers from security firm Nozomi Networks said Monday. READ MORE...

Breaches

Stealthy APT group plunders very specific corporate email accounts

An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months. Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at re-gaining access to a victim environment when booted out, "re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign." READ MORE...


US healthcare billing services group hacked, affecting at least half a million individuals

According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last year, but it only started notifying people last month. READ MORE...

Hacking

Pro-Ukraine hackers use Docker images to DDoS Russian sites

Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations. Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country's IT Army. DDoS attacks aim to cripple a target's operations by sending more requests than it can handle, so that it becomes unavailable to legitimate clients. READ MORE...


SolarWinds hackers set up phony media outlets to trick targets

The Russian hacking group behind the SolarWinds hack, Nobelium, is setting up new infrastructure to launch attacks using old tricks, researchers at Recorded Future found. The findings, published Tuesday and shared first with CyberScoop, demonstrate how the group has evolved in recent months in an effort to avoid researcher detection. Researchers identified more than four dozen domains the group used in phishing attacks, some of which attempted to emulate real brands. READ MORE...


State-backed hacking group from China is targeting the Russian military

In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets (and, more recently, European diplomats) but has now turned its attention towards Russia and started targeting the country's military units stationed close to the Chinese border. READ MORE...

Malware

Conti, REvil, LockBit ransomware bugs exploited to block encryption

Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today. Malware from notorious ransomware operations like Conti, the revived REvil, the newcomer Black Basta, the highly active LockBit, or AvosLocker, all came with security issues that could be exploited to stop the final and most damaging step of the attack, file encryption. READ MORE...

Exploits/Vulnerabilities

Attackers Use Event Logs to Hide Fileless Malware

Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for malicious late stage trojans, according to a Kaspersky research report released Wednesday. READ MORE...

Science & Culture

What Star Wars Teaches Us About Threats

Over years of teaching threat modeling - including the STRIDE mnemonic, which I'll describe here - I've found that people often get stuck when trying to answer "what can go wrong?" My favorite way to help them clear these hurdles is with stories from a long time ago in a galaxy far, far away. Star Wars offers an accessible and expansive set of examples. READ MORE...

On This Date

  • ...in 1865, President Lincoln is buried in Springfield, Illinois.
  • ...in 1953, writer Ernest Hemingway wins the Pulitzer Prize for his short novel, "The Old Man and the Sea".
  • ...in 1958, painter and Pop artist Keith Haring is born in Reading, PA.
  • ...in 1979, Margaret Thatcher is elected as the first female Prime Minister of the United Kingdom.