IT Security Newsletter - 7/29/2021

Top News

Threat intel firms suggest ransomware gang 'BlackMatter' has ties to DarkSide, REvil hackers

Digital sleuths at cyber threat intelligence firms have found clues that a seemingly new ransomware organization has links to DarkSide and REvil, two gangs that suddenly disappeared shortly after major attacks. From the moment DarkSide vanished following the Colonial Pipeline incident and REvil went dark after locking up JBS and customers of Kaseya, questions swirled about whether a government took them down, whether attackers quit, or whether they simply went underground to rebrand. READ MORE...


Feds list the top 30 most exploited vulnerabilities. Many are years old

Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center, and the UK's National Cyber Security Center listed the top 30 or so most exploited vulnerabilities. READ MORE...

Software Updates

Foxit Plugs Multiple Security Holes in PDF Reader, Editor

Foxit Software this week released security updates for its PDF Reader and PDF Editor applications to address multiple vulnerabilities, including some leading to remote code execution. Three of the vulnerabilities addressed by Foxit were identified by Cisco Talos researchers, all three leading to arbitrary code execution. Tracked as CVE-2021-21831, CVE-2021-21870, and CVE-2021-21893, the bugs each carry a CVSS severity score of 8.8. READ MORE...


Here's what that Google Drive "security update" message means

"A security update will be applied to Drive," Google's weird new email reads. A whole bunch of us on the Ars Technica staff got blasted with this last night. If you visit drive[.]google[.]com, you'll also see a message saying, "On September 13, 2021, a security update will be applied to some of your files." You can even see a list of the affected files, which have all gotten an unspecified "security update." So what is this all about? READ MORE...

Malware

McAfee: Babuk ransomware decryptor causes encryption 'beyond repair'

A new report from McAfee Advanced Threat Research spotlights the Babuk ransomware gang, which recently announced it would be developing a cross-platform binary aimed at Linux/UNIX and ESXi or VMware systems. McAfee's Thibault Seret and Northwave's Noël Keijzer wrote that many core backend systems in companies run on these *nix operating systems, and that Babuk wasted little time in infecting high-profile victims despite numerous problems with the binary. READ MORE...


Google Play Protect fails Android security tests once more

Google Play Protect, Android's built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two-thirds of the more than 20,000 malicious apps it was pitted against. Google's Android mobile threat protection, which automatically scans over 100 billion apps every day, was introduced at Google I/O in May 2017, with rollout to all Android devices starting in July 2017. READ MORE...


Grief ransomware operation is DoppelPaymer rebranded

After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief). It is unclear if any of the original developers are still behind this ransomware-as-a-service (RaaS) but clues uncovered by security researchers point to a continuation of the "project." DoppelPaymer's activity started to decline in mid-May, about a week after DarkSide ransomware's attack on Colonial Pipeline. READ MORE...

Exploits/Vulnerabilities

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors

IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries. READ MORE...


Microsoft researcher found Apple 0-day in March, didn't report it

Yesterday, we wrote about a vaguely mysterious zero-day patch pushed out by Apple. Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the "fix list," and even by Apple's brisk and efficient bug-listing standards, the information published was thin. The update was issued only for the very latest supported incarnations of iOS, iPadOS and macOS (major release numbers iOS/iPadOS 14 and macOS 11). READ MORE...

On This Date

  • ...in 1588, the Spanish Armada is defeated off the coast of Gravelines, France by British naval forces.
  • ...in 1909, the Buick Motor Company acquires the Cadillac Motor Company on behalf of General Motors for $4.5 million.
  • ...in 1953, Rush lead singer and bassist Gary Lee Weinrib, AKA Geddy Lee, is born in North York, Ontario.
  • ...in 1958, the US space agency NASA (National Aeronautics and Space Administration) is created as the successor to the National Advisory Committee for Aeronautics (NACA).