
IT Security Newsletter - 7/19/2022


Hacking

Russian SVR hackers use Google Drive, Dropbox to evade detection

State-backed hackers belonging to the Russian Federation's Foreign Intelligence Service (SVR) have started using the legitimate Google Drive cloud storage service to evade detection. By using online storage services trusted by millions worldwide to exfiltrate data and deploy their malware and malicious tools, the Russian threat actors are abusing that trust to render their attacks exceedingly tricky or even impossible to detect and block. READ MORE...

Software Updates

Retbleed Fixed in Linux Kernel, Patch Delayed

Linux kernel developers have successfully addressed Retbleed, the latest Spectre-like speculative execution attack against older AMD and Intel processors, Linus Torvalds wrote in a message to the Linux Kernel Mailing List on Sunday. However, the difficult repair process means the release of Linux version 5.19 will be delayed by a week. "I think we've got the retbleed fallout all handled (knock wood)," Torvalds wrote. READ MORE...


Juniper Networks Patches Over 200 Third-Party Component Vulnerabilities

Juniper Networks last week published 21 security advisories to inform customers about more than 200 vulnerabilities affecting its products. The security holes impact Junos OS (including on SRX, EX, PTX, QFX and MX series devices), Junos Space, Contrail Networking, and Northstar Controller products. Six advisories describe six high-severity vulnerabilities that are specific to Juniper products. READ MORE...

Malware

New CloudMensis malware backdoors Macs to steal victims' data

Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. READ MORE...


Botnet malware disguises itself as password cracker for industrial controllers

Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems. These programs offer to crack passwords for specific programmable logic controllers, according to security shop Dragos this month. According to their online ads, the cracking tools can help unlock products from more than a dozen electronics manufacturing companies, including Siemens, Mitsubishi, Fuji, Panasonic, LG, and Omron. READ MORE...

Information Security

A Deep Dive Into the Residential Proxy Service '911'

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe. 911 says its network is made up entirely of users who voluntarily install its "free VPN" software. But new research shows the proxy service has a long history of purchasing installations via shady "pay-per-install" affiliate marketing schemes. READ MORE...

Exploits/Vulnerabilities

CISA releases indicators of compromise for hard-hit VMware Horizon

State-sponsored advanced persistent threat actors are still exploiting Log4Shell vulnerabilities in unpatched VMware Horizon and Unified Access Gateway servers, the Cybersecurity and Infrastructure Security Agency warned in an updated advisory Monday. Organizations that did not apply previously released patches or workarounds should "treat all affected VMware systems as compromised," CISA and the U.S. Coast Guard Cyber Command said in the update. READ MORE...


WordPress Page Builder Plug-in Under Attack, Can't Be Patched

Although the plug-in is no longer available, the Kaswara Modern WPBakery Page Builder Addons is still running on as many as 8,000 WordPress sites, according to analysts who warn the app's unpatched file upload vulnerability is under active attack. The WordPress bug, tracked under CVE-2021-24284, can be used to upload malicious PHP files to an affected website, according to the research team at Wordfence. READ MORE...


New Deanonymization Attack Works on Major Browsers, Websites

Researchers with the New Jersey Institute of Technology have devised a new targeted deanonymization attack that relies on a cache side-channel and which they say is efficient on multiple architectures, operating systems, and browser versions, and works on major websites. As part of targeted deanonymization attacks, a threat actor who is in possession of a public identifier belonging to their intended victim can determine whether the victim is browsing a website they control. READ MORE...

Science & Culture

X-rays reveal hidden Van Gogh self-portrait

A routine cataloging procedure of a painting by Vincent van Gogh at the National Galleries in Scotland yielded an unexpected discovery: a hidden self-portrait on the back of the canvas. The portrait was revealed while conservationists were conducting an X-ray analysis of Head of a Peasant Woman as part of a cataloging exercise in preparation for an upcoming exhibition. Once the exhibit opens, visitors can view the X-ray image through a specially crafted lightbox at the center of the display. READ MORE...

On This Date

  • ...in 1883, animator Max Fleischer, who brought to life the adventures of Popeye, Betty Boop, and Superman, is born in Krakow, Austria-Hungary.
  • ...in 1900, the first line of the Paris Metro opens for operation.
  • ...in 1976, English actor Benedict Cumberbatch ("Sherlock", "Doctor Strange") is born in London.
  • ...in 1977, the world's first GPS signal is transmitted from a navigation satellite and received by scientists at Rockwell Collins in Cedar Rapids, IA.