IT Security Newsletter

IT Security Newsletter - 8/15/2022

Written by Cadre | Mon, Aug 15, 2022

US Government Shares Photo of Alleged Conti Ransomware Associate

The United States has been offering significant rewards for information on individuals involved in the Conti ransomware operation and the Department of State on Thursday provided additional details on who it's looking for and even shared a photo of a suspect. The State Department is looking for information on the hackers behind Conti, TrickBot and Wizard Spider, specifically the members known online as 'Tramp', 'Dandis', 'Professor', 'Reshaev' and 'Target'. READ MORE...

Chinese hackers backdoor chat app with new Linux, macOS malware

Versions of 'MiMi', a cross-platform instant messaging application aimed at the Chinese market, have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems. SEKOIA's Threat & Detection Research Team says the app's macOS 2.3.0 version has been backdoored for more than two months, since May 26, 2022. READ MORE...

Killnet Releases 'Proof' of its Attack Against Lockheed Martin

On August 1, Lockheed Martin was supposedly targeted with a DDoS attack delivered by the pro-Russian hacker group Killnet. The information came via the Moscow Times who reported Killnet's claim for responsibility. There has been no word from Lockheed Martin about the supposed attack beyond telling Newsweek it is "aware of the reports and have policies and procedures in place to mitigate cyber threats to our business." READ MORE...

SOVA malware adds ransomware feature to encrypt Android devices

The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a ransomware capability that encrypts files on the mobile device. With the latest release, SOVA targets over 200 banking, cryptocurrency exchange, and digital wallet applications, attempting to steal sensitive user data and session cookies from them. It also features refactored and improved code that helps it operate more stealthily on the compromised device. READ MORE...

Cybercriminals Weaponizing Ransomware Data for BEC Attacks

Cybercriminals and other threat actors are increasingly reusing data dumped from ransomware attacks in secondary business email compromise (BEC) attacks, according to new analysis by Accenture Cyber Threat Intelligence (ACTI). The ACTI team analyzed data from the 20 most active ransomware leak sites, measured by number of featured victims, between July 2021 and July 2022. READ MORE...

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries, particularly healthcare, as well as critical infrastructure organizations, the feds are warning. Threat actors deploying the ransomware as a service (RaaS) are using Remote Desktop Protocol (RDP) exploitation and SonicWall firewall vulnerabilities to breach target networks. READ MORE...

Krebs on Security: Sounding the Alarm on Emergency Alert System Flaws

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System - a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. READ MORE...

Over 9,000 VNC servers exposed online without a password

Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, giving threat actors easy access to internal networks. VNC is a platform-independent system meant to help users connect to systems that require monitoring and adjustment, offering control of a remote computer via the RFB (remote framebuffer) protocol over a network connection. READ MORE...
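The "no password" finding is visible in the first two messages of the RFB handshake: the server advertises the security types it accepts, and type 1 ("None") means any client that connects is let straight in. The Python below is an added example, not code from the article or from the researchers it cites. It parses those two messages (both the RFB 3.3 single-type form and the 3.7/3.8 list form), classifies the result, and includes a live probe that completes only enough of the handshake to read the list before closing the socket. The sample handshake bytes in the demo are constructed for illustration, not captured from any real host.

```python
"""RFB (VNC) handshake classifier: does this server let anyone in?

Added example, not the article's or researchers' code. The byte strings
in the demo below are constructed, not captured from a real server.
"""
from __future__ import annotations

import socket
import struct

# Security-type numbers from the RFB specification (RFC 6143) and the
# community registry. Type 1 ("None") means no authentication at all.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
    6: "RA2ne", 16: "Tight", 18: "TLS", 19: "VeNCrypt",
    20: "SASL", 30: "Apple Remote Desktop",
}


def parse_protocol_version(msg: bytes) -> tuple[int, int]:
    """Parse the 12-byte ProtocolVersion banner, e.g. b'RFB 003.008\\n'."""
    if len(msg) < 12 or msg[:4] != b"RFB " or msg[7:8] != b"." or msg[11:12] != b"\n":
        raise ValueError(f"not an RFB ProtocolVersion message: {msg!r}")
    return int(msg[4:7]), int(msg[8:11])


def parse_security_types(version: tuple[int, int], msg: bytes) -> list[int]:
    """Parse the server's security-type message for the negotiated version.

    RFB 3.3: the server picks one type and sends it as a big-endian U32
    (0 = failure). RFB 3.7/3.8: a U8 count followed by that many U8 types;
    a count of 0 means the connection failed and a reason string follows.
    """
    if version <= (3, 3):
        (chosen,) = struct.unpack(">I", msg[:4])
        return [chosen]
    count = msg[0]
    if count == 0:
        (reason_len,) = struct.unpack(">I", msg[1:5])
        reason = msg[5:5 + reason_len].decode("latin-1", "replace")
        raise ConnectionError(f"server refused connection: {reason}")
    types = list(msg[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return types


def classify(types: list[int]) -> str:
    """Map the offered security types to a finding."""
    if 1 in types:
        return "OPEN"            # "None" offered: no credentials needed
    if types == [0]:
        return "REFUSED"         # RFB 3.3 failure code
    if types and set(types) <= {2}:
        # VNC Authentication is a DES challenge-response over a password
        # truncated to 8 characters, with no transport encryption. Better
        # than nothing, still not something to expose to the Internet.
        return "WEAK_AUTH"
    return "AUTH_REQUIRED"


def describe(types: list[int]) -> list[str]:
    return [SECURITY_TYPES.get(t, f"unknown({t})") for t in types]


def classify_capture(banner: bytes, sec_msg: bytes) -> dict:
    """Classify a handshake from recorded bytes (e.g. from a pcap)."""
    version = min(parse_protocol_version(banner), (3, 8))
    types = parse_security_types(version, sec_msg)
    return {"version": version, "types": describe(types), "finding": classify(types)}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        buf += chunk
    return buf


def probe(host: str, port: int = 5900, timeout: float = 5.0) -> dict:
    """Live check: read the server's security types, then hang up.

    Echoes the server's version (capped at 3.8), reads the security-type
    message, and closes without authenticating or requesting a framebuffer.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        version = min(parse_protocol_version(_recv_exact(s, 12)), (3, 8))
        s.sendall(b"RFB %03d.%03d\n" % version)
        if version <= (3, 3):
            sec_msg = _recv_exact(s, 4)
        else:
            count = _recv_exact(s, 1)
            if count[0] == 0:
                reason_len = _recv_exact(s, 4)
                sec_msg = count + reason_len + _recv_exact(s, struct.unpack(">I", reason_len)[0])
            else:
                sec_msg = count + _recv_exact(s, count[0])
    types = parse_security_types(version, sec_msg)
    return {"version": version, "types": describe(types), "finding": classify(types)}


if __name__ == "__main__":
    # Constructed handshakes: an RFB 3.8 server offering None and VNC auth,
    # and an RFB 3.3 server that chose VNC Authentication.
    print(classify_capture(b"RFB 003.008\n", b"\x02\x01\x02"))
    print(classify_capture(b"RFB 003.003\n", b"\x00\x00\x00\x02"))
```

Only a server whose finding is AUTH_REQUIRED with a type such as VeNCrypt or TLS is offering both authentication and transport protection; an OPEN result is the exact condition the researchers counted, and WEAK_AUTH hosts belong behind a VPN or SSH tunnel rather than on a public address.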

Weaponized PLCs Can Hack Engineering Workstations in Attacks on Industrial Orgs

Researchers have shown how hackers could weaponize programmable logic controllers (PLCs) and use them to exploit engineering workstations running software from several major industrial automation companies. PLCs can be a tempting target for threat actors as they can be abused to cause damage and disruption, and to make changes to the processes they control. This is why they are often seen as the ultimate goal of an attacker. READ MORE...

Palo Alto bug used for DDoS attacks and there's no fix yet

A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week. The vulnerability, tracked as CVE-2022-0028, received a CVSS score of 8.6 out of 10 and affects PAN-OS, the operating system in Palo Alto Networks' network security products. READ MORE...

  • ...in 1877, Thomas Edison makes the first-ever sound recording, of himself reciting "Mary had a little lamb."
  • ...in 1965, The Beatles play to nearly 60,000 fans at Shea Stadium, ushering in the age of "stadium rock."
  • ...in 1969, The Woodstock Music & Art Fair opens in upstate New York, showcasing some of the era's most popular musical acts.
  • ...in 1971, President Nixon signs legislation officially detaching the value of the U.S. dollar from the "gold standard."