IT Security Newsletter - 7/18/2022
Hackers pose as journalists to breach news media org's networks
Researchers following the activities of advanced persistent threat (APT) groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries either impersonate journalists or attack them directly, because these targets have unique access to non-public information that could help expand a cyberespionage operation. READ MORE...
Elastix VoIP systems hacked in massive campaign to install PHP web shells
Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers, with more than 500,000 malware samples collected over a period of three months. Elastix is server software for unified communications (Internet Protocol Private Branch Exchange [IP PBX], email, instant messaging, faxing) that is used with the Digium phones module for FreePBX. READ MORE...
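A first-pass triage check an administrator might run on an Elastix or FreePBX web root after reading the report above. This is an added illustration, not code from the Elastix or FreePBX projects or from the researchers who documented the campaign; the rule weights, the threshold, the sample file paths and the sample PHP sources are all constructed here for demonstration. It flags PHP sources that show patterns common to droppers and web shells (obfuscated payloads fed to eval(), request parameters passed straight to command execution), while leaving ordinary base64 use unflagged.

```python
"""
Heuristic PHP web-shell triage (illustrative, not from any vendor or report).
Score each PHP source against a handful of indicators and flag files whose
score reaches a threshold. A hit is a lead for manual review, not proof.
"""
from __future__ import annotations

import os
import re

# Each rule: (name, compiled regex, weight). Weights are an assumption chosen
# so that one strong indicator (eval or exec of attacker-controlled data)
# reaches the threshold on its own while weak ones (a long base64 blob) do not.
RULES = [
    ("eval_of_decoded_payload",
     re.compile(r"\beval\s*\(\s*(?:gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I), 5),
    ("eval_of_request_input",
     re.compile(r"\beval\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I), 5),
    ("exec_of_request_input",
     re.compile(r"\b(?:system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I), 5),
    ("dynamic_function_from_input",
     re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I), 4),
    ("preg_replace_e_modifier",
     re.compile(r"\bpreg_replace\s*\(\s*['\"]/.*?/[a-z]*e[a-z]*['\"]", re.I), 3),
    ("long_base64_blob",
     re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"), 2),
]
THRESHOLD = 5  # assumption: minimum score that flags a file


def score_source(src: str) -> tuple[int, list[str]]:
    """Return (score, names of matched rules) for one PHP source text."""
    score, hits = 0, []
    for name, rx, weight in RULES:
        if rx.search(src):
            score += weight
            hits.append(name)
    return score, hits


def scan_files(files: dict[str, str], threshold: int = THRESHOLD) -> dict[str, list[str]]:
    """Return {path: matched rule names} for every file at or above the threshold."""
    flagged = {}
    for path, src in files.items():
        score, hits = score_source(src)
        if score >= threshold:
            flagged[path] = hits
    return flagged


def scan_directory(root: str, threshold: int = THRESHOLD) -> dict[str, list[str]]:
    """Walk a web root (for example /var/www/html on a PBX host) and scan PHP files."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            if n.lower().endswith((".php", ".phtml", ".php5")):
                path = os.path.join(dirpath, n)
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        files[path] = fh.read()
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
    return scan_files(files, threshold)


# Constructed sample sources standing in for files found on a web root.
SAMPLE_FILES = {
    # Benign admin page: reads a parameter, escapes it, never executes it.
    "/var/www/html/admin/index.php":
        "<?php\n$ext = htmlspecialchars($_GET['ext'] ?? '');\necho 'Extension: ' . $ext;\n",
    # Classic one-line shell: command taken straight from the request.
    "/var/www/html/recordings/.cache.php":
        "<?php if(isset($_REQUEST['cmd'])){ system($_REQUEST['cmd']); } ?>",
    # Dropper pattern: base64 payload decoded and eval'd at load time.
    "/var/www/html/modules/phone/tmp.php":
        "<?php eval(base64_decode('" + "QUFB" * 80 + "')); ?>",
    # Benign base64 use (embedded image bytes) with no eval: must not flag.
    "/var/www/html/admin/assets/logo.php":
        "<?php header('Content-Type: image/png'); echo base64_decode('" + "aWNv" * 80 + "');",
}


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(hits)}")
```

Run `scan_directory("/var/www/html")` on a live host instead of the sample dictionary; the sample run flags the one-line shell and the base64 dropper and leaves both benign files alone. The rules are deliberately narrow, so an empty result does not clear a server: pair this with file-integrity checks against a known-good package manifest.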
CISA pulls the fire alarm on Juniper Networks bugs
Juniper Networks has patched critical-rated bugs across its Junos Space, Contrail Networking and NorthStar Controller products that are serious enough to prompt CISA to weigh in and advise admins to update the software as soon as possible. "CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates," according to the Feds' warning this week. READ MORE...
Emerging H0lyGh0st Ransomware Tied to North Korea
Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated North Korean state-sponsored actors that have been active since last year. A group tracked by researchers from Microsoft Threat Intelligence Center (MSTIC) as DEV-0530 but that calls itself H0lyGh0st has been developing and using ransomware in attacks since June 2021. READ MORE...
A look inside Russian cybercrime syndicate TrickBot reveals an organized, potent adversary
On Feb. 21, just days before Russia launched its brutal invasion of Ukraine, someone with the username "fire" posted a message to one of the TrickBot cybercrime syndicate's internal chat groups. "We are in a difficult situation," fire wrote in an attempt to explain to others why they hadn't been paid, and to ask for their patience. There had been "too many leaks," among other circumstances, so "the boss has apparently decided to lay low." READ MORE...
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine
The infamous Sandworm threat group, operating out of Russia's military intelligence agency, the GRU, has no qualms about taunting researchers when it finds it is being watched. Just ask Robert Lipovsky and his fellow researchers at ESET, who got the message loud and clear when they dissected one of Sandworm's newer malware variants earlier this year: the Sandworm attackers disguised the loader for one of their data-wiping variants as the IDA Pro reverse-engineering tool. READ MORE...
Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise
Netwrix Auditor, an IT asset tracking and compliance auditing product used across more than 11,500 organizations, contains a critical insecure object deserialization vulnerability that could lead to Active Directory domain compromise, a new advisory warns. The CVE is pending, according to Bishop Fox, which just released details of the vulnerability; it affects every supported version of the application going back to 9.96. READ MORE...
- ...in 1921, Marine aviator, astronaut, and US Senator John Glenn is born in Cambridge, OH. He was the first American astronaut to orbit the Earth on the Mercury-Atlas 6 mission.
- ...in 1940, President Franklin Delano Roosevelt is nominated for an unprecedented third term.
- ...in 1968, microprocessor manufacturer Intel is founded in Mountain View, CA.
- ...in 1976, Romanian gymnast Nadia Comaneci becomes the first Olympic competitor to score a perfect 10 in a gymnastics event.