IT Security Newsletter - 7/2/2021

Top News

Russia's APT28 Blamed for Brute Force Campaign Using Kubernetes

The US and UK authorities have issued a new warning of state-sponsored Russian threat activity, focused on stealing information from global targets. The new NSA, CISA, NCSC and FBI alert attributes the campaign, which has been ongoing since mid-2019, to military intelligence outfit APT28 (aka Fancy Bear, Strontium). The threat actors use a Kubernetes cluster to conduct "distributed and large-scale targeting using password spray and password guessing".

Breaches

Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web

The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers. A hacker claims to have stolen the company's entire customer database before knocking its website offline (Threatpost confirmed that as of press time, the website was down). The stolen records consist of user names, passwords in plain text, IP addresses and billing information, according to PrivacySharks. Researchers added the attack also included public and private keys of LimeVPN users.

Hacking

New Charges Filed Against Alleged Capital One Hacker

The United States has filed additional charges against a former Amazon employee accused of stealing the personal data of more than 100 million Americans and six million Canadians. A superseding indictment filed in June accuses former software engineer Paige A. Thompson of seven new charges relating to the hack of Capital One. Six of the charges relate to computer fraud and abuse and one relates to access device fraud.

Software Updates

Microsoft shares mitigations for Windows PrintNightmare zero-day bug

Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. This remote code execution (RCE) bug, now tracked as CVE-2021-34527, impacts all versions of Windows per Microsoft, with the company still investigating if the vulnerability is exploitable on all of them.

Malware

Linux Variant of REvil Ransomware Targets VMware's ESXi, NAS Devices

Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware's ESXi virtual machine management software and network attached storage (NAS) devices that run on the Linux operating system (OS).


Gozi Virus Arrest Made in Colombia

A Romanian, accused of helping to distribute a computer virus that infected over a million machines, has been arrested in Colombia. Suspected cyber-criminal Mihai Ionut Paunescu is wanted in the United States for allegedly playing a role in the dissemination of the Gozi virus. The virus, which ravaged computers in at least eight different countries between 2007 and 2012, was used to steal money from victims' bank accounts.


Babuk ransomware is back, uses new version on corporate networks

After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks. The criminals are currently using a new version of their file-encrypting malware and have moved the operation to a new leak site that lists a handful of victims. The Babuk ransomware group became known at the beginning of the year but the gang says that their attacks had started in mid-October 2020.

Exploits/Vulnerabilities

Vulnerabilities in WAGO Devices Expose Industrial Firms to Remote Attacks

Several critical and high-severity vulnerabilities have been identified in programmable logic controller (PLC) and human-machine interface (HMI) products made by WAGO, a German company specializing in electrical connection and automation solutions. According to an advisory published this week by Germany's CERT@VDE, which coordinates cybersecurity issues related to industrial automation, several WAGO products are affected by four memory-related flaws impacting the iocheckd service I/O-Check.

On This Date

  • ...in 1776, the Second Continental Congress, assembled in Philadelphia, formally adopts a resolution for independence from Great Britain.
  • ...in 1881, President James A. Garfield is shot by assassin Charles J. Guiteau. Garfield lived another 80 days before succumbing to his injuries.
  • ...in 1964, President Johnson signs the Civil Rights Act, prohibiting discrimination based on race, color, religion, sex, or national origin.
  • ...in 1992, Chevrolet builds the 1,000,000th Corvette. It is currently on display at the Corvette Museum.