IT Security Newsletter - 7/19/2023
Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months
The second quarter of 2023 has seen "an alarming escalation in the sophistication" of distributed denial-of-service attacks, Cloudflare said Tuesday, pointing to a proliferation of more targeted digital assaults designed to take down websites and other connected services. Cloudflare, a company that mitigates DDoS attacks and provides other web services, said in its second quarter threat report that it has tracked thousands of attacks launched by a consortium of pro-Russian hacktivist groups. READ MORE...
Microsoft hit by Storm season - a tale of two semi-zero days
At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company's security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. READ MORE...
Recycling giant TOMRA pulls systems offline following 'extensive cyberattack'
Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an "extensive cyberattack." TOMRA has multiple divisions that focus on areas including waste and recycling solutions, metal sorting systems, mining machine systems and food sorting equipment. It turned over $1.2 billion in calendar 2022. The attack began at the weekend on July 16, the company told the Oslo Stock Exchange yesterday. READ MORE...
FIN8 Modifies 'Sardonic' Backdoor to Deliver BlackCat Ransomware
The threat actor FIN8 has resurged after a lull, using a revised version of its Sardonic backdoor to deliver the BlackCat ransomware. It's an evolution of its malware arsenal that fits the group's pattern of constant reinvention. FIN8, which Symantec tracks as "Syssphinx," is a well-known, financially motivated cybercrime group, which in the past has indiscriminately targeted organizations across the chemicals, entertainment, finance, hospitality, insurance, retail, and technology industries. READ MORE...
Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware
A threat actor infected their own computer with an information stealer, which has allowed Israeli threat intelligence company Hudson Rock to uncover their real identity. Using the online moniker 'La_Citrix', the threat actor has been active on Russian-speaking cybercrime forums since 2020, offering access to hacked companies and info-stealer logs from active infections. READ MORE...
Citrix NetScaler zero-day exploited in the wild, patch is available
Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. CVE-2023-3519 is a remote code execution (RCE) vulnerability that could allow an unauthenticated threat actor to execute arbitrary code on a vulnerable server. At this time there is no public PoC, but the vulnerability has been observed being exploited in the wild. READ MORE...
Oracle Releases 508 New Security Patches With July 2023 CPU
Oracle on Tuesday announced the release of 508 new security patches as part of the July 2023 CPU, including more than 75 patches that resolve critical-severity vulnerabilities. More than 350 of the security patches address vulnerabilities that can be exploited remotely, without authentication. Some of these flaws impact multiple products, Oracle's advisory reveals. READ MORE...
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation. Discovered yesterday by MalwareHunterTeam, the ransomware was initially thought to be part of a red team exercise by Sophos. However, the Sophos X-Ops team tweeted that they did not create the encryptor and that they are investigating its launch. READ MORE...
Ukraine takes down massive bot farm, seizes 150,000 SIM cards
The Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. The bots were used to push Russian propaganda justifying Russia's war in Ukraine, to disseminate illegal content and personal information, and in various other fraudulent activities. READ MORE...
Attackers Pummel Millions of Websites via Critical WooCommerce Payments Flaw
Attackers have been exploiting a critical flaw in the WordPress WooCommerce Payments plug-in in a spate of attacks over the last few days that peaked at 1.3 million attempts against 157,000 sites on July 15, researchers have found. Researcher Michael Mazzolini of GoldNetwork discovered the flaw - tracked as CVE-2023-28121 and rated 9.8 out of 10 on the CVSS vulnerability rating scale - in March while doing white-hat testing through WooCommerce's HackerOne program. READ MORE...
- ...in 1883, animator Max Fleischer, who first brought to life the adventures of Popeye, Betty Boop, and Superman, is born in Krakow, Austria-Hungary.
- ...in 1900, the first line of the Paris Metro opens for operation.
- ...in 1976, English actor Benedict Cumberbatch ("Sherlock", "Doctor Strange") is born in London.
- ...in 1977, the world's first GPS signal is transmitted from a navigation satellite and received by scientists at Rockwell Collins in Cedar Rapids, IA.