IT Security Newsletter - 6/30/2022
'Prolific' NetWalker extortionist pleads guilty to ransomware charges
A former Canadian government employee has pleaded guilty in a US court to several charges related to his involvement with the NetWalker ransomware gang. On Tuesday, 34-year-old Sebastien Vachon-Desjardins admitted he conspired to commit computer and wire fraud, intentionally damaged a protected computer, and transmitted a demand in relation to damaging a protected computer.
Cyberattack Hits Norway, Pro-Russian Hacker Group Fingered
A cyberattack temporarily knocked out public and private websites in Norway in the past 24 hours, Norwegian authorities said Wednesday. Norwegian Prime Minister Jonas Gahr Støre said that to his knowledge the attack "has not caused any significant damage." The distributed denial-of-service (DDoS) attack targeted a secure national data network, forcing the temporary suspension of online services for several hours, the Norwegian National Security Authority said.
Deepfaking crooks seek remote-working jobs to gain access to sensitive data
The FBI has issued a warning that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote work-from-home jobs. The FBI's Internet Crime Complaint Center (IC3) says there has been an increase in reports that deepfake video and audio are being used by criminals when applying for positions that involve access to personally identifiable information (PII), financial data, corporate IT databases, and proprietary information.
Immigration organisations targeted by APT group Evilnum
Organisations working in the immigration sector are advised to be on high alert for Advanced Persistent Threat (APT) attacks. Bleeping Computer reports that European organisations, specifically, are under threat from the Evilnum hacking group. Evilnum, on the APT scene since 2018 at the earliest and perhaps most well known for targeting the financial sector, appears to have switched gears.
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric
Microsoft this week disclosed a serious container-escape vulnerability in its widely used Azure Service Fabric technology, which gives attackers a way to gain root privileges on the host node and take over all other nodes in the cluster. The privilege-escalation bug is only exploitable on Linux containers, though it is present in Windows container environments as well, Microsoft said in an advisory Tuesday.
XFiles info-stealing malware adds support for Follina delivery
The XFiles info-stealer malware has added a delivery module that exploits CVE-2022-30190, aka Follina, for dropping the payload on target computers. The flaw, discovered as a zero-day at the end of May and fixed with Microsoft's Windows update on June 14, enables the execution of PowerShell commands simply by opening a Word document. Researchers at Cyberint noticed that recent campaigns delivering the malware use Follina to download the payload, execute it, and also create persistence on the target machine.
AstraLocker 2.0 infects users directly from Word attachments
A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop the payload directly from email attachments. This approach is quite unusual, because the intermediate steps that typically characterize email attacks exist to help evade detection and minimize the chances of raising red flags on email security products.
Black Basta ransomware - what you need to know
Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations - first exfiltrating data from targeted companies, and then encrypting files on the firm's computer systems. Victims have reportedly been hit in countries around the world including the United States, UK, India, Canada, Australia, New Zealand, and UAE.
Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just over Memorial Day weekend, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk.
Leaky Access Tokens Exposed Amazon Photos of Users
The Amazon Photos app for Android insufficiently protected user access tokens, according to a blog post published on Wednesday. Theoretically, with exposed tokens, an attacker could have accessed users' personal data from a number of different Amazon apps - not just Photos but also, for example, Amazon Drive. They also could have performed a ransomware attack, locking up or permanently deleting photos, documents and more.
- ...in 1908, a meteor air burst above eastern Siberia flattens thousands of miles of forest, in what is known as the "Tunguska event."
- ...in 1917, actress, singer, and civil rights activist Lena Horne is born in New York.
- ...in 1953, the first Chevrolet Corvette rolls off the assembly line in Flint, MI.
- ...in 1997, the United Kingdom transfers sovereignty over Hong Kong to the Chinese government.