IT Security Newsletter - 7/14/2023
British teens accused of hacks against Uber and Rockstar Games's Grand Theft Auto 6
A London court has heard that two British teens hacked and blackmailed a series of companies, causing millions of dollars' worth of damage. As Reuters reports, Arion Kurtaj - now 18 years old - is accused of hacking Uber, fintech firm Revolut, and Grand Theft Auto videogame developer Rockstar Games last September. The Rockstar hack resulted in the leak of more than 90 videos of footage from the as-yet-unreleased "Grand Theft Auto 6".
SolarWinds Attackers Dangle BMWs to Spy on Diplomats
The Russia-backed group behind the infamous SolarWinds attack is targeting "an astonishing number" of foreign diplomats working at embassies in Ukraine with lures that are a bit more personal than the traditional political fare normally used to entice them to click on malicious links. Researchers from Palo Alto Networks' Unit 42 observed the group - which they track as Cloaked Ursa but which is better known as Nobelium/APT29 - dangling as bait something every posted diplomat wants: a vehicle to get around in.
AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service. This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.
Satellites lack standard security mechanisms found in mobile phones and laptops
Researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security in Saarbrücken have assessed the security mechanisms of satellites currently orbiting the Earth from an IT perspective. They analyzed three current low-earth orbit satellites and found that, from a technical point of view, only some modern security concepts were implemented. Various security mechanisms that are standard in modern mobile phones and laptops were not to be found.
Meta's Threads app used as a lure
It was to be expected: as the buzz around Meta's new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can't formally serve users in the European Union (or China, or Russia). Threads - whose full name is "Threads, an Instagram app" - is an app created by Meta's Instagram team, and to use it you need an Instagram account.
WordPress plugin installed on 1 million+ sites logged plaintext passwords
All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins. The passwords were logged when users of a site using the plugin, typically abbreviated as AIOS, logged in, the developer of AIOS said Thursday.
Zimbra urges admins to manually fix zero-day exploited in attacks
Zimbra urged admins today to manually fix a zero-day vulnerability actively exploited to target and compromise Zimbra Collaboration Suite (ZCS) email servers. This widely adopted email and collaboration platform is currently employed by over 200,000 businesses spanning 140 countries, including more than 1,000 government and financial organizations worldwide.
Critical RCE Bug in Rockwell Automation PLCs Zaps Industrial Sites
Two vulnerabilities in industrial programmable logic controllers (PLCs) from Rockwell Automation threaten critical infrastructure and industrial environments with disruption. Both of these vulnerabilities are located in the communication modules of the PLCs that are used to physically control operational technology equipment, and are capable of being triggered through malicious common industrial protocol (CIP) messages.
Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations
Cybersecurity company Armis has identified several vulnerabilities in Honeywell distributed control system (DCS) products that could be exploited in attacks aimed at industrial organizations. Armis researchers started disclosing their findings to the industrial giant last year. They discovered a total of nine new vulnerabilities, including seven that have been assigned a 'critical severity' rating.
Critical Cisco SD-WAN Vulnerability Leads to Information Leaks
A remotely exploitable critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances. Tracked as CVE-2023-20214 (CVSS score of 9.1), the vulnerability exists because the REST API feature of vManage does not sufficiently validate requests. The vManage API allows administrators to configure, control, and monitor Cisco devices over the network.
- ...in 1789, French revolutionaries storm and dismantle the Bastille as a prelude to the French Revolution.
- ...in 1912, American singer-songwriter Woody Guthrie ("This Land Is Your Land") is born in Okemah, OK.
- ...in 1913, 38th President of the United States Gerald Ford is born in Omaha, NE.
- ...in 1992, 386BSD (a free Unix-like operating system) is released, beginning the wave of open-source OSes that also brought Linux and its variants.