<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/22/2022

SHARE

Top News

US Cyber Command spots another 20 malware strains targeting Ukraine

US Cyber Command has disclosed 20 new strains of malware among the numerous software nasties and cyberattacks being used against Ukrainian targets over the last few months. In an alert this week, the Pentagon's cyberspace wing made public indicators of compromise (IOC) associated with various malware strains that were found in Ukrainian networks by the country's security service. READ MORE...

Hacking

Hackers breach Ukrainian radio network to spread fake news about Zelenskiy

On Thursday, Ukrainian media group TAVR Media confirmed that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care. According to the State Service of Special Communications and Information Protection of Ukraine (SSCIP), the network operates nine major Ukrainian radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar. READ MORE...

Software Updates

Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products

Atlassian this week announced patches for two critical Servlet Filter vulnerabilities that impact multiple products across its portfolio. Servlet Filters are pieces of Java code designed to intercept and process HTTP requests sent between a client and a backend. Servlet Filters may offer security mechanisms such as auditing, authentication, logging, or authorization. READ MORE...


Code Execution and Other Vulnerabilities Patched in Drupal

Drupal developers have announced the release of updates that patch several vulnerabilities in the open source content management system (CMS). Drupal has released four advisories that describe four types of vulnerabilities. One of them has been rated "critical" and the other three "moderately critical." Drupal uses the NIST Common Misuse Scoring System to rate vulnerabilities - instead of CVSS - with flaws being rated "less critical," "moderately critical," "critical" and "highly critical." READ MORE...

Malware

Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene

A previously unknown macOS spyware has surfaced in a highly targeted campaign, which exfiltrates documents, keystrokes, screen captures, and more from Apple machines. Interestingly, it exclusively uses public cloud-storage services for housing payloads and for command-and-control (C2) communications - an unusual design choice that makes it difficult to trace and analyze the threat. READ MORE...

Exploits/Vulnerabilities

Chrome zero-day used to infect journalists with Candiru spyware

The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware. The flaw tracked as CVE-2022-2294 is a high-severity heap-based buffer overflow in WebRTC, which, if successfully exploited, may lead to code execution on the target device. READ MORE...

On This Date

  • ...in 1894, the first motor race is held in France between the cities of Paris and Rouen. The winning vehicle's average speed: 11 mph.
  • ...in 1933, American aviator Wiley Post returns to Floyd Bennett Field in New York, having flown solo around the world in 7 days, 18 hours, and 49 minutes.
  • ...in 1940, "Jeopardy!" host and TV producer Alex Trebek is born in Ontario, Canada.
  • ...in 1990, American cyclist Greg LeMond wins his second consecutive Tour de France, and his third overall.