<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/11/2023

SHARE

Top News

Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault

The cyberattack that crippled satellite communications on the eve of the Ukraine war was more broad than initially understood and carried out by attackers with detailed knowledge of the compromised system, an executive with Viasat, whose modems were targeted in the attack, revealed during a talk Thursday at the Black Hat cybersecurity conference. When hackers attacked Viasat as Russian forces prepared to stream across Ukraine's border, they used malware that wiped thousands of modems. READ MORE...

Hacking

Magento shopping cart attack targets critical vulnerability revealed in early 2022

Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022. Security researchers at Akamai say they have identified a server-side template injection campaign aimed at Magneto 2 shops that have yet to address CVE-2022-24086, an input validation flaw with a CVSS score of 9.8. READ MORE...


Lapsus$ hackers took SIM-swapping attacks to the next level

The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture. Reviewing the group's operations started in December last year following a long trail of incidents attributed to or claimed by Lapsus$ after leaking proprietary data from alleged victims. READ MORE...

Malware

Privacy-invading LetMeSpy stalkerware announces it is shutting down after hack

I doubt there will be many people shedding tears at the news that a stalkerware company has announced it is permanently ceasing operations at the end of this month - after it suffered a devastating data breach. The Polish developers of LetMeSpy, an Android stalkerware or spouseware app, announced in June that hackers had broken into its infrastructure and stolen its entire user database. READ MORE...


MoustachedBouncer hackers use AiTM attacks to spy on diplomats

A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus. According to an ESET report released today, the researchers observed five distinct campaigns, with the threat actors believed to be active since at least 2014, using AitM at Belarusian ISPs since 2020. READ MORE...

Exploits/Vulnerabilities

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information. Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world's largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices. READ MORE...


There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

A couple of techniques collectively known as TunnelCrack can, in the right circumstances, be used by snoops to force victims' network traffic to go outside their encrypted VPNs, it was demonstrated this week. A team of academics on Tuesday explained how the attacks work, released proof-of-concept exploits, and reckoned "every VPN product is vulnerable on at least one device." Their co-authored Usenix-accepted paper has all the details. READ MORE...

On This Date

  • ...in 1929, Babe Ruth becomes the first baseball player to hit 500 home runs, at League Park in Cleveland, OH.
  • ...in 1942, film actress and inventor Hedy Lamarr receives a patent for a frequency-switching communication system. It later becomes the basis for cellular and Wi-Fi technology.
  • ...in 1950, computer scientist, programmer, and Apple Computer cofounder Steve Wozniak is born in San Jose, CA.
  • ...in 1952, guitarist Robert "Bob 1" Mothersbaugh of new wave band Devo ("Whip It", "Beautiful World") is born in Akron, OH.