IT Security Newsletter - 8/19/2022
5 Russia-Linked Groups Target Ukraine in Cyberwar
Over the past eight months, at least five Russian state-sponsored or cybercriminal groups have targeted Ukrainian government agencies and private companies in dozens of operations that aimed to disrupt services or steal sensitive information. In February, state-sponsored groups such as Gamaredon, Sandworm, and Fancy Bear used wiper programs in an attempt to damage infrastructure and sabotage computer systems, researchers at Trustwave say in a new research note. READ MORE...
Google Blocks Record-Setting DDoS Attack That Peaked at 46 Million RPS
In June 2022, Google mitigated a Layer 7 distributed denial-of-service (DDoS) attack that peaked at 46 million requests per second (RPS). Disclosed this week, this is the third HTTPS attack this year to reach tens of millions of RPS, after two lower-volume assaults were mitigated by Cloudflare. The first of them peaked at 15.3 million RPS, Cloudflare announced in April, while the second reached 26 million RPS, the web security company announced in June. READ MORE...
Mailchimp breach shines new light on digital identity, supply chain risk
A malicious round of social engineering attacks against Mailchimp and at least one of its customers, DigitalOcean, highlights a persistent trend in the information security space of threat actors targeting vulnerable organizations by abusing the digital identity supply chain. DigitalOcean migrated away from Mailchimp after the email service provider's internal tooling was compromised by an attacker and unauthorized hackers reset the passwords of a small number of DigitalOcean customers. READ MORE...
LockBit claims ransomware attack on security giant Entrust
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust. Last month, BleepingComputer broke the story that Entrust suffered a ransomware attack on June 18th, 2022. Starting in early June, Entrust had begun to tell customers that it had suffered a cyberattack in which data was stolen from internal systems. "We have determined that some files were taken from our internal systems," Entrust shared in a security notification to customers. READ MORE...
Google Patches Chrome's Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with "insufficient validation of untrusted input in Intents," according to the advisory posted by Google. READ MORE...
Winnti hackers split Cobalt Strike into 154 pieces to evade detection
The Chinese Winnti hacking group, also known as 'APT41' or 'Wicked Spider,' targeted at least 80 organizations last year and successfully breached the networks of at least thirteen. This is according to Group-IB's researchers, who have been following Winnti's activities and describe 2021 as one of the most "intense" years for the Chinese hackers. The researchers say that Winnti targeted organizations in the U.S., India, Taiwan, and even China. READ MORE...
Krebs on Security: PayPal Phishing Scam Uses Invoices Sent Via PayPal
Scammers are using invoices sent through PayPal to trick recipients into calling a number to dispute a pending charge. The missives - which come from PayPal and include a link that displays an invoice for the supposed transaction - state that the user's account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer. READ MORE...
Attackers waited until holidays to hit US government
The government sector in the United States dealt with heavy-hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021, mainly focused in Memphis, Tennessee. This data coincides with the attack on the Azusa Police Department in California; however, it reveals even more about the attacks observed the following month. READ MORE...
Two years on, Apple iOS VPNs still leak IP addresses
Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there's no sign of a fix. Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple's iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the operating system failed to close existing connections. READ MORE...
- ...in 1871, engineer and aviation pioneer Orville Wright, co-inventor of the first successful motorized airplane, is born in Dayton, OH.
- ...in 1906, early TV pioneer Philo Farnsworth, inventor of the first electronic television system, is born in Beaver, UT.
- ...in 1960, Chubby Checker performs "The Twist" on Dick Clark's weekly variety show, inspiring a worldwide dance craze.
- ...in 2004, Google Inc. holds its initial public offering of stock on NASDAQ at $85 per share.