IT Security Newsletter

IT Security Newsletter - 7/14/2022

Written by Cadre | Thu, Jul 14, 2022

Chinese hackers targeted U.S. political reporters just ahead of Jan. 6 attack, researchers say

Hackers connected with the Chinese government have engaged in numerous phishing campaigns targeting U.S.-based journalists since early 2021, with operations focused on political and national security reporters and White House correspondents in the days leading up to the Jan. 6 attack on the Capitol, researchers said Thursday. The previously unreported efforts are just a few examples of the digital risks that reporters and media companies face from an array of well-resourced state-backed hackers. READ MORE...

Bandai Namco confirms hack after ALPHV ransomware data leak threat

Game publishing giant Bandai Namco has confirmed that it suffered a cyberattack that may have resulted in the theft of customers' personal data. Bandai Namco is a Japanese publisher of numerous popular video games, including Elden Ring, Dark Souls, Pac-Man, Tekken, Gundam, Soulcalibur, and many more. This past Monday, the BlackCat ransomware operation (aka AlphV) claimed to have breached Bandai Namco and stolen corporate data during the attack. READ MORE...

CIA Coder Convicted of Massive Leak of US Hacking Tools

A former CIA programmer was found guilty in New York federal court Wednesday of the 2017 leak of the US spy agency's most valuable hacking tools to WikiLeaks, two years after his initial prosecution ended in mistrial. Joshua Schulte, 33, worked for the CIA's elite hacking unit when he quietly took the "Vault 7" tools it uses to break into target computer and technology systems and, after quitting his job, sent them to the anti-secrecy group. READ MORE...

1.9m patient records exposed in healthcare debt collector ransomware attack

Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection. In a notice [PDF] posted on its website, PFC said it "detected and stopped a sophisticated ransomware attack" on February 26 this year. READ MORE...

Facebook 2FA scammers return - this time in just 21 minutes

Have you ever come really close to clicking a phishing link simply through coincidence? We've had a few surprises, such as when we bought a mobile phone from a click-and-collect store a couple of years back. Having lived outside the UK for many years before that, this was our first-ever purchase from this particular business for well over a decade. Yet the very next morning we received an SMS message claiming to be from this very store, advising us we'd overpaid and that a refund was waiting. READ MORE...

DLL Hijacking Flaw Fixed in Microsoft Azure Site Recovery

Microsoft's massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service. Azure Site Recovery is a suite of tools for ensuring business continuity during outages, such as site recovery - which keeps both applications and workloads running at a secondary location - and data backup services. READ MORE...

New Lilith ransomware emerges with extortion site, lists first victim

A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks. Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows. Like most ransomware operations launching today, Lilith performs double-extortion attacks, in which the threat actors steal data before encrypting devices. READ MORE...

Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

Researchers at ETH Zurich have found a way to overcome a commonly used defense mechanism against so-called speculative execution attacks targeting modern microprocessors. In a technical paper published this week, the researchers described how attackers could use their technique - dubbed "Retbleed" - to steal sensitive data from the memory of systems with Intel and AMD microprocessors that are vulnerable to the issue. READ MORE...

Vulnerabilities allowing permanent infections affect 70 Lenovo laptop models

For owners of more than 70 Lenovo laptop models, it's time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that's nearly impossible to detect or remove. The laptop maker on Tuesday released updates for three vulnerabilities that researchers found in the UEFI firmware used to boot up a host of its laptop models, including the Yoga, ThinkBook, and IdeaPad lines. READ MORE...

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Microsoft has revealed a now-fixed flaw in Apple's macOS that allowed specific kinds of code to bypass the operating system's App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads. Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement, adding that Apple patched the vulnerability in its May 16 security update. READ MORE...

  • ...in 1789, French revolutionaries storm and dismantle the Bastille as a prelude to the French Revolution.
  • ...in 1912, American singer-songwriter Woody Guthrie ("This Land Is Your Land") is born in Okemah, OK.
  • ...in 1913, 38th President of the United States Gerald Ford is born in Omaha, NE.
  • ...in 1992, 386BSD (a free Unix-like operating system) is released, beginning the wave of open-source OSes that also brought Linux and its variants.