IT Security Newsletter - 7/6/2023
MOVEit vulnerability snags almost 200 victims, more expected
The widely exploited vulnerability in Progress Software's MOVEit file transfer service has impacted nearly 200 organizations, according to Brett Callow, threat analyst at Emsisoft. The scope of damage caused by Clop's mass exploit of a zero-day vulnerability in MOVEit continues to snowball as third-party vendors expose multiple downstream victims. Progress discovered the zero day over Memorial Day weekend on May 28. READ MORE...
Malicious ad for USPS fishes for banking credentials
We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse and impersonate brands, posing as verified advertisers whose only purpose is to smuggle rogue ads via popular search engines. READ MORE...
Suspected bank-infecting OPERA1ER crime boss cuffed
International cops have arrested a suspected "key figure" of a cybercrime group dubbed OPERA1ER that has stolen as much as $30 million from more than 30 banks and financial orgs across 15 countries. The criminals have been active for at least four years, according to law enforcement and security researchers. During that time, they've targeted financial firms and mobile banking services with malware, phishing campaigns, and large-scale business email compromise (BEC) scams. READ MORE...
Android July security updates fix three actively exploited bugs
Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild. "There are indications that the following [vulnerabilities] may be under limited, targeted exploitation," reads Google's bulletin, highlighting CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136. READ MORE...
RAM-ramming Rowhammer is back - to uniquely fingerprint devices
Boffins at the University of California, Davis have devised a purportedly practical way to apply a memory abuse technique called Rowhammer to build unique, stable device fingerprints. UC Davis researchers Hari Venugopalan, Kaustav Goswami, Zainul Abi Din, Jason Lowe-Power, Samuel King, and Zubair Shafiq have found they can use Rowhammer to create device fingerprints in a brief amount of time that are unique and unchanging. READ MORE...
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks
Hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec, vulnerability intelligence company VulnCheck warned on Wednesday. Contec specializes in custom embedded computing, industrial automation, and IoT communication technology. The company's SolarView solar power monitoring and visualization product is used at more than 30,000 power stations, according to its website. READ MORE...
Vulnerability in Cisco Enterprise Switches Allows Attackers to
Cisco this week informed customers about a high-severity vulnerability in its Nexus 9000 series switches that could allow unauthenticated attackers to intercept and modify traffic. Tracked as CVE-2023-20185, the issue impacts the ACI multi-site CloudSec encryption feature of the Nexus 9000 switches that are configured in application centric infrastructure (ACI) mode - typically used in data centers for controlling physical and virtual networks. READ MORE...
New StackRot Linux kernel flaw allows privilege escalation
Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "minimal capabilities." The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges. A patch is available for the affected stable kernels since July 1st and full details about the issue along with a complete exploit code are expected by the end of the month. READ MORE...
Microsoft Teams Exploit Tool Auto-Delivers Malware
A new tool is available on GitHub that gives attackers a way to leverage a recently disclosed vulnerability in Microsoft Teams and automatically deliver malicious files to targeted Teams users in an organization. The tool, dubbed "TeamsPhisher," works in environments where an organization allows communications between its internal Teams users and external Teams users - or tenants. It allows attackers to deliver payloads directly into a victim's inbox. READ MORE...
- ...in 1946, actor/director/screenwriter Sylvester Stallone ("Rocky", "First Blood") is born in New York City.
- ...in 1946, the 43rd President of the United States, George W. Bush, is born in New Haven, CT.
- ...in 1957, John Lennon and Paul McCartney meet for the first time. Three years later, they would form the Beatles.
- ...in 1980, actress/model Eva Green ("Casino Royale", "Penny Dreadful") is born in Paris.