IT Security Newsletter

IT Security Newsletter - 5/4/2023

Written by Cadre | Thu, May 4, 2023

City of Dallas hit by Royal ransomware attack impacting IT services

The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. Dallas is the ninth largest city in the United States, with a population of approximately 2.6 million people, according to US census data. Local media reported that the City's police communications and IT systems were shut down Monday morning due to a suspected ransomware attack. READ MORE...

Russian hackers use WinRAR to wipe Ukraine state agency's data

The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices. In a new advisory, the Ukrainian Government Computer Emergency Response Team (CERT-UA) says the Russian hackers used compromised VPN accounts that weren't protected with multi-factor authentication to access critical systems in Ukrainian state networks. READ MORE...

Apple Releases First-Ever Security Updates for Beats, AirPods Headphones

Apple has released the first-ever security updates for its Beats and AirPods products to patch a vulnerability that can be exploited to gain access to headphones through a Bluetooth attack. The flaw is tracked as CVE-2023-27964 and it was reported to Apple by Yun-hao Chung and Archie Pusaka of Google ChromeOS. The vulnerability has been described as an authentication issue. READ MORE...

Patch now! The Mirai IoT botnet is exploiting TP-Link routers

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks. The warning comes from security researchers and the US Government's Cybersecurity and Infrastructure Security Agency (CISA). READ MORE...

US Announces Takedown of Card-Checking Service, Charges Against Russian Operator

The US Department of Justice this week announced the takedown of card-checking platform 'Try2Check' and charges against its Russian administrator. The individual, Denis Gennadievich Kulkov, 43, created the platform in 2005 and operated it until the takedown. The US is offering a $10 million reward for information leading to his capture. According to the indictment (PDF), Try2Check was created as a service for cybercriminals who sold and purchased stolen credit cards in bulk. READ MORE...

Oracle WebLogic Server vulnerability added to CISA list as "known to be exploited"

On May 1, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies are obliged to remediate the vulnerabilities by May 22, 2023. For the rest of us it means "pay attention," everyone else with a vulnerable entity should do this as fast as possible too. READ MORE...

Attackers are trying to exploit old DVR vulnerabilities (CVE-2018-9995, CVE-2016-20016)

Five years ago, security researcher Fernandez Ezequiel discovered a vulnerability (CVE-2018-9995) in many digital video recorder (DVR) brands and released a tool for exploiting it. The vulnerability is still being exploited in the wild, FortiGuard Labs warns: the company's intrusion prevention systems have registered 50,000+ unique exploitation attempts in the past month. READ MORE...

AI vs. Hollywood: Writers battle "plagiarism machines" in union talks

The Writers Guild of America (WGA) is seeking to restrict the use of generative AI in writing film and TV scripts as part of an ongoing strike, reports Reuters. The concerns come at a time when anxiety over the economic impact of tech like ChatGPT looms large in the minds of many. The WGA strike is the first in 15 years, and it's taking place over issues beyond just AI. READ MORE...

  • ...in 1865, President Lincoln is buried in Springfield, Illinois.
  • ...in 1953, writer Ernest Hemingway wins the Pulitzer Prize for his short novel, "The Old Man and the Sea".
  • ...in 1958, painter and Pop artist Keith Haring is born in Reading, PA.
  • ...in 1979, Margaret Thatcher is elected as the first female Prime Minister of the United Kingdom.