IT Security Newsletter - 7/21/2022
Anti-Russian denial-of-service app actually infects pro-Ukrainian activists
An app that purported to launch distributed denial-of-service (DDoS) attacks against Russia's internet infrastructure was in reality secretly installing malware onto the devices of pro-Ukrainian activists. As researchers at Google's Threat Analysis Group (TAG) describe, the Moscow-backed Turla hacking group created a website purporting to belong to Ukraine's Azov regiment.
Hackers attempt to infiltrate Ukrainian tech company with backdoor malware, Talos says
Attackers targeted a large, unnamed software development company in Ukraine that services various state entities with a "fairly uncommon" piece of malware in recent weeks, researchers with Cisco Talos said Thursday. The unknown hackers used a slightly modified version of an open-source backdoor named "GoMet," the researchers said, that at least two sophisticated hacking groups have used since 2020.
Lax Security Fuels Massive 8220 Gang Botnet Army Surge
Leveraging little more than Linux bugs, common cloud application vulnerabilities, and misconfigurations, the 8220 Gang has been able to use its latest IRC botnet to infect more than 30,000 hosts with its PwnRig cryptominer. Researchers with SentinelOne reported observing this noteworthy increase in the number of infected hosts over the course of just the past month. In mid-2021, the analysts said, the malicious botnet was running on just 2,000 hosts worldwide.
Microsoft starts blocking Office macros by default, once again
Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback. The change comes after the company improved its user and admin support documentation to make it easier to understand the available options when a macro is blocked.
Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!
Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible. There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.
New 'Lightning Framework' Linux malware installs rootkits, backdoors
A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a "Swiss Army Knife" in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. This malware is yet to be spotted in the wild, and some of its components (referenced in the source code) are yet to be found and analyzed.
New ransomware discovered using Rust, atypical encryption
Kaspersky researchers discovered, on a darknet ransomware forum, a new ransomware family written in the Rust programming language. Luna uses an atypical encryption scheme, a combination of the x25519 key exchange and the Advanced Encryption Standard (AES), that isn't often encountered in ransomware, according to the research, released Tuesday. It can run on Windows, Linux and ESXi systems with minor variations in the code, according to Kaspersky.
- ...in 1911, Canadian philosopher and media theorist Marshall McLuhan, whose work prefigured the arrival of the modern Internet, is born in Edmonton, Alberta.
- ...in 1951, actor and comedian Robin Williams is born in Chicago, IL.
- ...in 1969, astronaut Neil Armstrong becomes the first person to walk on Earth's Moon, followed 19 minutes later by Edwin "Buzz" Aldrin.
- ...in 2011, the Space Shuttle Atlantis (STS-135) lands at Kennedy Space Center, completing the final mission of NASA's Space Shuttle program.