<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 7/26/2024

SHARE

Top News

97% of Devices Disrupted by CrowdStrike Restored as Insurer Estimates Billions in Losses

CrowdStrike on Thursday said more than 97% of the Windows computers disrupted by its bad update had been back online. The incident is expected to cause billions in direct losses for major companies. "Our recovery efforts have been enhanced thanks to the development of automatic recovery techniques and by mobilizing all our resources to support our customers," CrowdStrike CEO George Kurtz said on Thursday in a post on LinkedIn. READ MORE...


Feds Warn of North Korean Cyberattacks on US Critical Infrastructure

A long-known cyber-espionage group working on behalf of North Korea's foreign intelligence service is systematically stealing technical information and intellectual property from organizations in the US and other countries to advance its own nuclear and military programs. The group - which security vendors track variously as Andariel, Silent Chollima, Onyx Sleet, and Stonefly - is using ransomware attacks on US health care entities to fund the campaign, the US government warned this week. READ MORE...

Hacking

Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank

Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware. The research, penned by Antonis Terefos of Check Point Software, named the collection of GitHub accounts "Stargazer Ghost Network" and asserted it's operated by a threat actor the cyber security firm labelled "Stargazer Goblin." READ MORE...


US Offers $10 Million Reward for Information on North Korean Hacker

The US Department of State has announced a reward of up to $10 million for information on a North Korean national charged with hacking hospitals, military bases, and NASA. The individual, Rim Jong Hyok, is an alleged member of the hacking group tracked as APT45, Andariel, DarkSeoul, Onyx Sleet (formerly Plutonium), Silent Chollima, and Stonefly/Clasiopa, which operates on behalf of a North Korean military intelligence agency, the Reconnaissance General Bureau. READ MORE...

Trends

Russian ransomware gangs account for 69% of all ransom proceeds

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. This number is from TRM Labs, a blockchain intelligence and analytics firm specializing in crypto-assisted money laundering and financial crime. North Korea is the leader in stealing cryptocurrency through exploits and breaches, having stolen over a billion dollars in 2023. Asia also remains the leader in scams and investment fraud. READ MORE...

Exploits/Vulnerabilities

Progress discloses second critical flaw in Telerik Report Server in as many months

Progress Software's latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months. CVE-2024-6327 is an insecure deserialization vulnerability (CWE-502) carrying a 9.9 CVSS score. Successful exploits can lead to remote code execution (RCE) on servers running all versions prior to 10.1.24.709. READ MORE...


Secure Boot is completely broken on 200+ models from 5 big device makers

In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did. READ MORE...


Critical ServiceNow RCE flaws actively exploited to steal credentials

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. READ MORE...

On This Date

  • ...in 1948, President Harry S. Truman signs Executive Order 9981, officially desegregating the U.S. military.
  • ...in 1964, actress Sandra Bullock (""Speed", "Gravity") is born in Arlington, VA.
  • ...in 1990, President George H.W. Bush signs the Americans With Disabilities Act.
  • ...in 2005, NASA launches space shuttle Discovery on STS-114, the first manned flight mission after the 2003 Columbia disaster.