IT Security Newsletter

IT Security Newsletter - 8/27/2024

Written by Cadre | Tue, Aug 27, 2024

Several Port of Seattle systems down following 'possible cyberattack'

Multiple systems at the Port of Seattle, which oversees one of the busiest ports in the U.S. and the Seattle-Tacoma International Airport, are offline after an apparent cyberattack hit the government agency on Saturday. "Earlier this morning the Port of Seattle experienced certain system outages indicating a possible cyberattack," the official account for the airport posted Saturday afternoon on the social platform X. READ MORE...

AMD internal data reportedly offered for sale

Digital data thieves have reportedly breached AMD's internal communications and are offering the allegedly stolen goods for sale. In an August 25 listing on the dark web marketplace BreachForums, criminal groups IntelBroker and EnergyWeaponUser took credit for the break-in, which they claimed took place the same day - and also swore is separate from IntelBroker's earlier theft and sale of AMD source code and other internal data from June. READ MORE...

China's Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs

Malware hunters at Lumen Technologies have caught Chinese APT Volt Typhoon exploiting a fresh zero-day in Versa Director servers to hijack credentials to break into downstream customers' networks. The high-severity vulnerability, tracked as CVE-2024-39717, was added to the CISA must-patch list over the weekend after Versa Networks confirmed zero-day exploitation and warned that the Versa Director GUI can be hacked to plant malware on affected devices. READ MORE...

Identity of Notorious Hacker USDoD Revealed

The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others. Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI's InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others. READ MORE...

SonicWall pushes patch for critical vulnerability in SonicOS platform

Network security company SonicWall has identified a critical vulnerability in its SonicOS platform that can be exploited to gain unauthorized access, and in certain conditions, cause the company's firewalls to crash. In a security advisory issued Thursday, the company gives the vulnerability (tracked as CVE-2024-40766) a CVSS score of 9.3. The related entry in the National Vulnerability Database does not have a score assigned as of this article's publication. READ MORE...

Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts

Greasy Opal, a sophisticated cyberattack enablement tool, is increasingly being used to execute volumetric bot attacks, providing machine-learning-based tools to enable attackers to launch large-scale bot attacks, particularly targeting CAPTCHA systems. Exhibit A: The Vietnam-based threat actor group Storm-1152 orchestrated an attack using Greasy Opal, resulting in the creation of 750 million fake Microsoft accounts. READ MORE...

Watchdog warns FBI is sloppy on secure data storage and destruction

The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General. Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states. READ MORE...

Google tags a tenth Chrome zero-day as exploited this year

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is caused by a bug in the compiler backend when selecting the instructions to generate for just-in-time (JIT) compilation. READ MORE...

Hackers Use Rare Stealth Techniques to Down Asian Military, Gov't Orgs

An ongoing campaign is using two largely unheralded stealth techniques to infect high-level organizations in southeast Asia. The first, "GrimResource," is a new technique that allows attackers to execute arbitrary code in the Microsoft Management Console (MMC). The second trick, "AppDomainManager Injection," uses malicious dynamic link libraries (DLLs), but in a way that's easier than traditional sideloading. READ MORE...

  • ...in 1859, Edwin Drake strikes oil at 69 feet near Titusville, Pennsylvania, the world's first successful oil well.
  • ...in 1883, the most powerful volcanic eruption in recorded history occurs on Krakatoa, off the coast of Indonesia.
  • ...in 1904, Newport, RI imposes the first jail sentence for a speeding violation.
  • ...in 1964, the Beatles perform at the Cincinnati Gardens.