<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 5/5/2022

SHARE

Top News

China-linked APT Caught Pilfering Treasure Trove of IP

Researchers from Cybereason's Nocturnus Team have uncovered a massive, highly successful, three-year-long campaign of intellectual property theft. The perpetrators were likely able to siphon hundreds of gigabytes worth of "sensitive proprietary information from technology and manufacturing companies mainly in East Asia, Western Europe, and North America," according to the report released Wednesday. READ MORE...

Breaches

Heroku admits that customer credentials were stolen in cyberattack

Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." Heroku's update comes after BleepingComputer reached out to Salesforce yesterday. READ MORE...

Hacking

Phishing operation hits NHS email accounts to harvest Microsoft credentials

A phishing operation compromised over one hundred UK National Health Service (NHS) employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky. During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland. READ MORE...

Software Updates

Critical F5 BIG-IP flaw allows device takeover, patch ASAP!

F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 warned yesterday. READ MORE...


Android's May 2022 Security Updates Patch 36 Vulnerabilities

Google this week announced the release of patches for 36 vulnerabilities as part of its May 2022 security updates for Android. The most serious of these security holes, the internet giant notes in an advisory, is a high-severity issue in Android's Framework component that could be exploited for privilege escalation. The flaw was resolved along with four other vulnerabilities in Framework, including three high-severity elevation of privilege bugs and one moderate-severity information disclosure issue. READ MORE...

Malware

New Ransomware Variant Linked to North Korean Cyber Army

A new ransomware strain called VHD has been traced to North Korean state actor APT38 by a team of researchers using detailed code analysis and following a Bitcoin trail. The Democratic People's Republic of Korea (DPRK) has used ransomware for several years to raise money for state coffers, including the February 2016 Bangladesh bank heist in which attackers tried to use the SWIFT banking system to steal almost US$1 billion, explains Trellix researcher Christiaan Beek in a new blog post. READ MORE...

Information Security

World Password Day - the 1960s just called and gave you your passwords back

Back in the late 1960s and the start of the 1970s (or so we've heard), primary school children in the UK got a special treat. Unlike their parents and grandparents before them, they were exempted from learning how to do calculations involving money. Their teachers were no longer expected to show them how to do the confusing and needlessly complex sums required when working with the UK's "old money", even though it was still the official currency. READ MORE...

Exploits/Vulnerabilities

Flaws in Avast, AVG Antiviruses Could Have Facilitated Attacks on Millions of Devices

Researchers at endpoint security firm SentinelOne have discovered two potentially serious vulnerabilities in antivirus products from Avast and AVG. According to SentinelOne, the two vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, impacted both Avast and AVG antiviruses - Avast acquired AVG in 2016 and the flaws affect a shared anti-rootkit driver. READ MORE...


Cisco fixes NFVIS bugs that help gain root and hijack hosts

Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs). Two of them, rated critical and high severity, can be exploited by attackers to run commands with root privileges or to escape the guest virtual machine (VM) and fully compromise NFVIS hosts. READ MORE...

On This Date

  • ...in 1816, John Keats' first published poem, "O Solitude" , appears in The London Examiner.
  • ...in 1904, Cy Young throws a perfect game against the Philadelphia Athletics in Boston, MA.
  • ...in 1943, comedic actor Michael Palin from "Monty Python's Flying Circus" is born in Sheffield, England.
  • ...in 1961, Alan Shepard becomes the first American in space when his Freedom 7 craft achieves Earth orbit.