<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/22/2023

SHARE

Top News

US Military Targeted in Recent HiatusRAT Attack

A recent HiatusRAT campaign has been targeting a US military procurement system for reconnaissance, cybersecurity firm Lumen reports. Initially observed at the beginning of the year, HiatusRAT has been targeting high-bandwidth routers typically used by medium-sized businesses, allowing attackers to run commands, exfiltrate data, and establish a covert proxy network. READ MORE...

Breaches

Tesla Data Breach Investigation Reveals Inside Job

Tesla acknowledged In a filing with Maine's attorney general that a recent data breach it experienced affecting over 75,000 individuals was due to "insider wrongdoing." On May 10, Handelsbatt, a German media outlet, informed Tesla that it had received 100GB of data from an informant at Tesla. The information provided by the whistleblower contained 23,000 internal files from 2015 to 2022 concerning Tesla allegedly receiving 3,900 reports of self-acceleration and brake-function issues. READ MORE...

Hacking

New 'Carderbee' APT Targeted Chinese Security Software in Supply Chain Attack

A newly discovered advanced persistent threat (APT) actor has been observed deploying the PlugX backdoor via a supply chain attack, mainly targeting organizations in Hong Kong, Symantec reports. Dubbed Carderbee, the adversary was seen abusing the legitimate Cobra DocGuard software, which helps users protect, encrypt, and decrypt applications. The tool is developed by EsafeNet, which is owned by Chinese information security firm NSFocus. READ MORE...

Software Updates

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company's SRX firewalls and EX switches. Junos OS is an operating system based on Linux and FreeBSD that runs on Juniper Networks firewalls, network switches and other security devices. The affected component - J-Web - is the graphical user interface (GUI) used to manage devices running Junos. READ MORE...

Malware

'Cuba' Ransomware Group Uses Every Trick in the Book

In June, Russian ransomware group Cuba attacked an organization servicing US critical infrastructure. The cyberattack failed despite the group's use of multiple CVEs, off-the-shelf tools, unique malware programs, and evasion methods. Cuba is a financially motivated threat actor known for big money ransomware attacks primarily targeting US organizations. In its latest known campaign discovered by BlackBerry, it targeted an American critical infrastructure provider as well as a systems integrator in Latin America. READ MORE...

Information Security

Ongoing Duo outage causes Azure Auth authentication errors

Cisco-owned multi-factor authentication (MFA) provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago. The outage also led to Core Authentication Service issues across multiple Duo servers, triggering Azure Auth authentication errors for Azure Conditional Access integrations in a systemwide outage. READ MORE...

Exploits/Vulnerabilities

"Snakes in airplane mode" - what if your phone says it's offline but isn't?

Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We'll start with the good news: the tricks that Jamf discovered can't magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to implant rogue software onto your iPhone first in order to pull off a "fake airplane" attack. READ MORE...


TP-Link smart bulbs can let hackers steal your WiFi password

Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their target's WiFi password. TP-Link Tapo L530E is a top-selling smart bulb on multiple marketplaces, including Amazon. TP-link Tapo is a smart device management app with 10 million installations on Google Play. The researchers from Universita di Catania and the University of London analyzed this product due to its popularity. READ MORE...

On This Date

  • ...in 1776, British troops land at Long Island in preparation for the capture and occupation of New York City, lasting until the end of the Revolutionary War in 1783.
  • ...in 1864, the International Red Cross is founded as part of the first Geneva Convention, to provide humanitarian aid in times of war.
  • ...in 1902, the Cadillac Motor Car Division is founded from the remnants of the Henry Ford Company.
  • ...in 1989, Texas Ranger Nolan Ryan becomes the first MLB pitcher to record 5,000 strikeouts.