IT Security Newsletter - 7/15/2022
Log4j is far from over, cyber review board says
Log4j, despite its prevalence and difficulty to find, was exploited at lower levels than experts predicted when it was disclosed in December 2021, the Cyber Safety Review Board said in a post-mortem incident report released Thursday. Secretary of Homeland Security Alejandro Mayorkas delivered the report to President Joe Biden. Yet, Log4j is an "endemic vulnerability," likely to persist for years or even decades, the review board said. "The Log4j event is not over." READ MORE...
Digital burglary at recruitment agency Morgan Hunt confirmed
The bad news keeps on rolling for British recruitment agency Morgan Hunt amid confirmation it suffered a digital burglary, with intruders making off with the personal data for some of the freelancers on its books. In a letter to contractors, Morgan Hunt - which provides personnel services to clients in the charity education, finance, government, housing and technology sectors - confirmed the break-in: READ MORE...
Predatory Sparrow massively disrupts steel factories while keeping workers safe
Stuxnet's attack on Iran's uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts in the field believe is "a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation." READ MORE...
Powerful 'Mantis' DDoS Botnet Hits 1,000 Organizations in One Month
Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone. Dubbed Mantis, the botnet is responsible for a record-breaking 26 million requests per second (RPS) HTTPS DDoS attack observed in June, and it has since continued to display strength, with more than 3,000 attacks launched over the past several months. READ MORE...
Lenovo issues firmware updates after UEFI vulnerabilities disclosed
Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products. The PC maker has now fixed the trio of bugs, which were flagged up by ESET this week. More than 70 models were impacted by this latest issue, including a number of ThinkBook devices. The vulnerabilities reported were buffer overflows in the UEFI firmware. READ MORE...
Microsoft links Holy Ghost ransomware operation to North Korean hackers
For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. The group has been active for quite a while but it failed to gain the notoriety and financial success of other gangs even if the operation followed the same recipe: double extortion combined with a leak site to publish the name of the victims and stolen data. READ MORE...
New Phishing Kit Hijacks WordPress Sites for PayPal Scam
Researchers have discovered a new phishing kit that injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data, including government documents, photos, and even banking information - under the guise of security controls. Akamai researchers said the attackers use a file management WordPress plug-in to deploy the phishing kit. READ MORE...
How Hackers Create Fake Personas for Social Engineering
On April 18, 2022, a handful of US citizens scrambled to get their taxes filed. While tax season is usually a stressor, consider that these filers got some unsolicited help. Imagine that somehow, strangers that might resemble angels just appeared in their lives, offering guidance and help to work with them through this process … all through the computer screen. READ MORE...
- ...in 1799, the Rosetta Stone is found in Egypt by French Army officer Pierre-Francois Bouchard.
- ...in 1961, actor Forest Whitaker ("Bird", "The Last King of Scotland") is born in Longview, TX.
- ...in 1967, film effects designer and "MythBusters" co-host Adam Savage is born in New York City.
- ...in 2003, the Mozilla Foundation is established following the disbanding of its precursor company, Netscape.