IT Security Newsletter

IT Security Newsletter - 6/22/2020

Written by Cadre | Mon, Jun 22, 2020

Australia blames a state actor for major disruptions. China is already denying it.

Government agencies and private companies in Australia are experiencing a "sophisticated" cyberattack carried out by a nation-state, according to Prime Minister Scott Morrison. In an announcement Friday, Morrison informed the public that "all levels of government" and a number of critical businesses and essential services are dealing with malicious activity that is accelerating in severity after beginning months ago. READ MORE...

Krebs on Security: 'BlueLeaks' Exposes Files from Hundreds of Police Departments

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed "BlueLeaks" and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The nearly 270 gigabyte collection is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data. READ MORE...

Former DIA Analyst Sentenced to Prison Over Data Leak

A former analyst for the U.S. Defense Intelligence Agency (DIA) has been sentenced to more than two years in prison after sharing highly classified, national defense intelligence with two reporters. The sentencing comes after the 32-year-old analyst, Henry Kyle Frese, pleaded guilty in February to leaking the data, regarding foreign countries' weapons systems, in 2018 and 2019. Frese worked as a counterterrorism analyst from February 2018 to October 2019 at the DIA. READ MORE...

Hackers use fake Windows error logs to hide malicious payload

Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. The trick is part of a longer chain with intermediary PowerShell commands that ultimately delivers a script for reconnaissance purposes. MSP threat detection provider Huntress Labs discovered an attack scenario where a threat actor with persistence on a target machine tried an unusual trick in their attack routine. READ MORE...
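A defender-side check for the trick described above, added here as an example and not code from the Huntress write-up: it pulls the "error codes" out of a log, decodes them as bytes, and flags the file when the result is mostly printable text containing script markers (real error codes decode to control bytes and stay unflagged). The log format and the decoded command are constructed for the example; the detail of the real fake log may differ.

```python
import re
import string

# Constructed fake "error log": the trailing 0x... values are ASCII in disguise.
FAKE_LOG = """\
2020-06-19 09:14:02 ERROR Application failure code 0x24636D643D27
2020-06-19 09:14:03 ERROR Application failure code 0x77686F616D69273B
2020-06-19 09:14:04 ERROR Application failure code 0x496E766F6B652D45787072657373696F6E
2020-06-19 09:14:05 ERROR Application failure code 0x2024636D64
"""

# Constructed benign log: genuine HRESULT-style codes decode to control bytes.
BENIGN_LOG = """\
2020-06-19 09:14:02 ERROR Access denied code 0x80070005
2020-06-19 09:14:03 ERROR File not found code 0x80070002
"""

HEX_TOKEN = re.compile(r"\b0x([0-9A-Fa-f]+)\b")
# Substrings a decoded payload is likely to contain if it is a PowerShell stage.
SCRIPT_MARKERS = ("invoke-expression", "powershell", "-encodedcommand",
                  "downloadstring", "net.webclient")


def decode_hex_tokens(text):
    """Concatenate every 0x-prefixed token and decode the result as bytes."""
    hexstr = "".join(HEX_TOKEN.findall(text))
    if len(hexstr) % 2:
        hexstr = hexstr[:-1]  # drop a dangling nibble rather than fail
    return bytes.fromhex(hexstr).decode("latin-1")


def printable_ratio(s):
    """Fraction of decoded characters that are printable ASCII."""
    if not s:
        return 0.0
    return sum(c in string.printable for c in s) / len(s)


def analyze_log(text, min_ratio=0.9, min_len=8):
    """Return the decoded 'codes' and whether they look like a hidden script."""
    decoded = decode_hex_tokens(text)
    ratio = printable_ratio(decoded)
    markers = [m for m in SCRIPT_MARKERS if m in decoded.lower()]
    suspicious = len(decoded) >= min_len and ratio >= min_ratio and bool(markers)
    return {"decoded": decoded, "printable_ratio": round(ratio, 2),
            "markers": markers, "suspicious": suspicious}


if __name__ == "__main__":
    for name, log in (("fake", FAKE_LOG), ("benign", BENIGN_LOG)):
        print(name, analyze_log(log))
```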

IBM Maximo Asset Management servers patched against attacks

Details are hazy but the overall story is clear: if you use IBM's Maximo Asset Management, make sure you're patched. As you can imagine, an asset management tool called Maximo isn't aimed at small businesses such as local bike shops or at parochial bodies such as parish councils. Those organisations definitely have assets to keep track of, such as tools and spare parts, but Maximo's aim is much bigger than that. READ MORE...

Discord modified to steal accounts by new NitroHack malware

New malware is being distributed that pretends to be a hack that gets you the premium Discord Nitro service for free but instead steals user tokens saved in the various browsers and credit card information, and then tries to spread itself to others. When you have an open platform like Discord that makes it easy to modify the JavaScript files utilized by the client, threat actors commonly abuse it to modify the client to perform malicious behavior. READ MORE...

Philadelphia-area health system says it 'isolated' a malware attack

A "malware attack" has hit computer systems at Crozer-Keystone Health System, a large health care provider in the Philadelphia suburbs, a spokesman for the organization said Friday. "After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems," Crozer-Keystone's Rich Leonowitz said in an emailed statement. READ MORE...

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

Researchers have discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that puts 79 device models at risk of full takeover, they said. The flaw, a memory-safety issue present in the firmware's httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports. READ MORE...

  • ...in 1940, France formally surrenders to Germany, following a nearly two-month invasion by the Axis powers.
  • ...in 1942, Congress officially recognizes the Pledge of Allegiance.
  • ...in 1969, the Cuyahoga River catches fire near Cleveland, OH, drawing national attention to the problem of water pollution.
  • ...in 1978, astronomer James W. Christy discovers Charon, the largest moon of Pluto.