
IT Security Newsletter - 6/2/2021


Top News

US seizes domains used by APT29 in recent USAID phishing attacks

The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks. The two domains seized by the DOJ, theyardservice[.]com and worldhomeoutlet[.]com, were used to receive data exfiltrated from victims of the targeted phishing attacks and to send further commands for the malware to execute on infected machines.

Hacking

Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing

An ex-U.S. ambassador to Russia, anti-corruption activists in Ukraine and election observers in other parts of Eastern Europe were among the apparent targets of a suspected Russian state-sponsored hacking effort, according to data linked to the spying operation that a researcher shared with CyberScoop. The list offers classic examples of organizations that Russian spies might want to infiltrate, including those working to expose graft, combat disinformation and promote secure elections.


DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians

The Department of Justice (DoJ) has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals, including campaign workers and the Microsoft security team, in an attempt to trick victims into providing account credentials. The U.S. Attorney's Office for the District of Massachusetts has charged Diana Lebeau, 21, of Cranston, R.I., with "attempted unauthorized access to a protected computer."

Software Updates

OpenPGP library RNP updates after Thunderbird decrypt-no-recrypt bug squashed

OpenPGP project RNP has patched its flagship product after Mozilla Thunderbird, a major user, was found to be saving users' private keys in plain text. The newest version of RNP, 0.15.1, saw a fix for the vulnerability which led to a Thunderbird patch last week after confused users wondered why the email client's master password wasn't protecting their private keys.

Malware

Cobalt Strike, a penetration testing tool abused by criminals

If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit, probably the best known project for penetration testing, is an exploit framework, designed to make it easy for someone to launch an exploit against a particular vulnerable target. Cobalt Strike is in the same basket.

Exploits/Vulnerabilities

Critical WordPress plugin zero-day under active exploitation

Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content. According to sales statistics for the plugin, Fancy Product Designer has been sold and installed on more than 17,000 websites.


Industrial Switches From Several Vendors Affected by Same Vulnerabilities

Industrial switches provided by several vendors are affected by the same vulnerabilities due to the fact that they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology. The vulnerabilities were discovered by Austria-based cybersecurity consultancy SEC Consult. The Atos-owned company has been trying to get the security holes fixed since mid-April 2020, but it took nearly one year for Korenix to release patches.


Vulnerability in Lasso Library Impacts Products From Cisco, Akamai

A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. Lasso - an acronym for Liberty Alliance Single Sign On - is a C library that implements Liberty Alliance and SAML (Security Assertion Markup Language) standards. It defines processes for federated identities, single sign-on (SSO) and other protocols.

On This Date

  • ...in 1865, the U.S. Civil War officially ends with the surrender of Gen. Edmund Kirby Smith, dissolving the last Confederate army.
  • ...in 1935, Baseball Hall of Famer Babe Ruth ends his Major League playing career after 22 seasons.
  • ...in 1953, Queen Elizabeth II is formally crowned monarch of the United Kingdom.
  • ...in 1967, The Beatles album "Sgt. Pepper's Lonely Hearts Club Band" is released in the US.