IT Security Newsletter - 8/31/2023
New York Times Spoofed to Hide Russian Disinformation Campaign
A Russian disinformation campaign has been found spreading fake articles posing as legitimate stories from major media outlets, such as The Washington Post and Fox News, in order to undermine the Western support for Ukraine amid the Russian-Ukraine War. This is according to Meta's latest threat report, which asserts that there are two companies behind this disinformation operation - Structura National Technology and Social Design Agency - that formerly targeted other countries, including Germany and France.
U. Michigan restores campus internet after cyberattack disrupts first week of classes
University of Michigan announced Wednesday that it has restored internet to its three campuses after a cyberattack over the weekend, but warned to "expect some issues with select U-M systems and services in the short term." Ravi Pendse, the university's chief information officer, wrote in a notice on the university system's website that he expects remediation efforts to be resolved "over the next several days."
500k Impacted by Data Breach at Fashion Retailer Forever 21
Fashion retailer Forever 21 has started informing more than 500,000 individuals that their personal information was compromised in a data breach earlier this year. In a sample notification letter submitted to the Maine Attorney General's Office, the fashion retailer revealed that, on March 20, 2023, it identified a cyberattack that impacted some of its systems. Forever 21's investigation determined that the attackers had access to the company's systems since at least January 5, 2023.
Paramount discloses data breach following security incident
American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023. After discovering the incident, the company took steps to secure impacted systems and started an investigation into the breach.
Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks
Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant. And, the Google-owned team warned, it's not over yet: "Mandiant assesses that, at the time of writing, a limited number of previously impacted victims remain at risk due to this campaign." Beijing's spies not only broke into a relatively small number of organizations, but they may still have access into those networks.
Hacking campaign bruteforces Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA). Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access. Rapid7 security researchers have provided additional insights regarding these incidents in a report published on Tuesday.
Chinese Group Spreads Android Spyware via Trojan Signal, Telegram Apps
A China-based advanced persistent threat group that used an Android malware tool called BadBazaar to spy on Uyghurs is distributing the same spyware to users in several countries via Trojanized versions of the Signal and Telegram messaging apps. The apps tout features and modifications not available with the official versions. But in reality, while they offer legitimate functionality, they can also exfiltrate device and user information and enable the threat actor to spy on communications.
Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication
Threat actors have started exploiting four recently patched vulnerabilities in the J-Web component of Juniper Networks' Junos OS after proof-of-concept (PoC) exploit code was published online. The issues, tracked as CVE-2023-36844 through CVE-2023-36847, are medium-severity bugs that can be exploited to control environment variables remotely and to upload arbitrary files, without authentication.
- ...in 1897, Thomas Edison patents the Kinetoscope, an early movie viewing device that was the first to use a perforated film strip.
- ...in 1920, the first news radio program is broadcast in Detroit, MI by amateur-licensed station 8MK, known today as WWJ 950.
- ...in 1990, Seattle Mariners Ken Griffey and Ken Griffey Jr. become first father and son to play on same team simultaneously in professional baseball.
- ...in 2006, Norwegian police recover Edvard Munch's famous painting "The Scream", which had been stolen two years prior.