IT Security Newsletter - 6/14/2022
Cloudflare mitigates record-breaking HTTPS DDoS attack
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second (rps) distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. The record-breaking attack occurred last week and targeted a customer on Cloudflare's Free plan. The attacker likely used hijacked servers and virtual machines: the traffic originated from cloud service provider networks rather than from the weaker Internet of Things (IoT) devices that typically make up DDoS botnets. READ MORE...
Kaiser Permanente Breach Exposes Data on 70K Patients
Kaiser Permanente recently revealed that an employee email compromise on April 5 left the personal medical information of nearly 70,000 of its patients at risk. Although Kaiser said the attacker had access for only a couple of hours and there is no evidence that sensitive data was taken, patient information including first and last names, medical record numbers, dates of service, and lab test results was involved, the company said in a notice about the incident. READ MORE...
Russian hackers start targeting Ukraine with Follina exploits
Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) tracked as CVE-2022-30190. The flaw can be triggered by opening a specially crafted document, or merely by selecting it so that it renders in a preview pane, and threat actors have been exploiting it in attacks since at least April 2022. READ MORE...
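For readers who want a quick triage check for documents of the kind described above, the following scanner is an added example and is not code from CERT-UA, the article, or any of the vendors mentioned. It assumes that a Follina-style .docx carries an oleObject relationship with TargetMode="External" whose Target is an http(s) URL (the remote page that invokes the ms-msdt: handler), and it treats any ms-msdt: string inside the package as suspicious on its own. The sample documents are constructed in memory and the URL in them is a placeholder, not a real indicator.

```python
"""Triage scanner for Follina-style (CVE-2022-30190) Word documents.

Added example; not from CERT-UA or the article. Assumptions: the malicious
document has an oleObject relationship with TargetMode="External" pointing at an
http(s) URL, and any literal ms-msdt: URI inside the package is suspicious.
Sample packages below are constructed here; the URL is a placeholder.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
MSDT_URI = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list[str]:
    """Return human-readable findings for a .docx; an empty list means nothing flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            part = zf.read(name)
            # A literal ms-msdt: handler invocation anywhere in the package is suspicious.
            if MSDT_URI.search(part):
                findings.append(f"{name}: contains ms-msdt: URI")
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(part)
            except ET.ParseError:
                findings.append(f"{name}: unparseable relationships part")
                continue
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                target = rel.get("Target", "")
                # External OLE object fetched over HTTP(S): the Follina loading vector.
                if (rel.get("Type") == OLE_REL_TYPE
                        and rel.get("TargetMode") == "External"
                        and target.lower().startswith(("http://", "https://"))):
                    findings.append(f"{name}: external oleObject -> {target}")
    return findings


def _build_docx(rels_xml: str, body_xml: str = "<w:document/>") -> bytes:
    """Constructed minimal OOXML package: just enough parts for the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", body_xml)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


BENIGN_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.png"/>
</Relationships>"""

# Placeholder target (example.invalid); real samples point at attacker-controlled hosts.
FOLLINA_STYLE_RELS = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="http://example.invalid/payload.html!" TargetMode="External"/>
</Relationships>"""

BENIGN_DOCX = _build_docx(BENIGN_RELS)
SUSPICIOUS_DOCX = _build_docx(FOLLINA_STYLE_RELS)
EMBEDDED_MSDT_DOCX = _build_docx(BENIGN_RELS, "<w:document>ms-msdt:/id PCWDiagnostic</w:document>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOCX), ("suspicious", SUSPICIOUS_DOCX),
                       ("embedded-msdt", EMBEDDED_MSDT_DOCX)):
        print(label, scan_docx(doc) or ["clean"])
```

Point scan_docx at the bytes of a real file to use it in triage; a hit on the external oleObject relationship alone is worth quarantining, since a legitimate document rarely links an OLE object to a web server. The scanner only covers the .docx package, so the RTF preview-pane variant mentioned above needs a separate check of the RTF text for the same ms-msdt: string.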
Iranian hacking campaign that included former U.S. ambassador exposed
Hackers possibly affiliated with Iran have been running a spearphishing campaign targeting former Israeli officials, high-ranking military personnel, the head of a leading security think tank and a former U.S. ambassador to Israel, researchers with cybersecurity firm Check Point said Tuesday. The campaign includes spearphishing conducted through both hijacked legitimate email accounts and phony ones, a fake URL shortener, a credential-harvesting Yahoo-themed phishing page and more. READ MORE...
Drupal Patches 'High-Risk' Third-Party Library Flaws
The Drupal security team has released a "moderately critical" advisory to call attention to serious vulnerabilities in a third-party library and warned that attackers can exploit the bugs to remotely hijack Drupal-powered websites. The vulnerabilities, tracked as CVE-2022-31042 and CVE-2022-31043, were found and fixed in Guzzle, the third-party PHP HTTP client library that Drupal uses to send requests to external services and handle their responses. READ MORE...
Microsoft: Exchange servers hacked to deploy BlackCat ransomware
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. In at least one incident that Microsoft's security experts observed, the attackers slowly moved through the victim's network, stealing credentials and exfiltrating information to be used for double extortion. READ MORE...
HelloXD ransomware bulked up with better encryption, nastier payload
Windows and Linux systems are coming under attack from new variants of the HelloXD ransomware that include stronger encryption, improved obfuscation and an additional payload that lets threat groups modify compromised systems, exfiltrate files and execute commands. The new capabilities make the ransomware, first detected in November 2021, and the developer behind it even more dangerous, according to researchers with Palo Alto Networks' Unit 42 threat intelligence group. READ MORE...
Industroyer: A cyber-weapon that brought down a power grid
On June 12th 2017, ESET researchers published their findings about unique malware that was capable of causing a widespread blackout. Industroyer, as they named it, was the first known piece of malware that was developed specifically to target a power grid. Indeed, Industroyer had been deployed to considerable effect a few months earlier - it caused thousands of homes in parts of Kyiv, Ukraine to lose power supplies for about an hour on December 17th, 2016, after the malware struck a local electrical substation. READ MORE...
"Downthem" DDoS-for-Hire Boss Gets 2 Years in Prison
A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites. Matthew Gatrel of St. Charles, Ill. was found guilty of violating the Computer Fraud and Abuse Act (CFAA) in connection with his operation of two DDoS-for-hire services. READ MORE...
- ...in 1777, the Continental Congress adopts "The Stars and Stripes" as the flag of the United States of America.
- ...in 1900, Hawaii becomes a United States territory.
- ...in 1942, Anne Frank begins writing in the diary she received for her 13th birthday.
- ...in 1951, UNIVAC I, the first US-produced commercial computer, is dedicated by the US Census Bureau.