IT Security Newsletter - 8/6/2021
New DNS vulnerability allows 'nation-state level spying' on companies
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organizations that do not want to manage and secure yet another network asset on their own. These DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration. READ MORE...
'Sophisticated Group' Behind Alaska Cyberattack, Agency Says
A "highly sophisticated group" known for cyberattacks against governmental and other entities is believed to be behind the attack this spring that targeted the Alaska health department, a spokesperson for the department said. Clinton Bennett, a department spokesperson, said a cybersecurity firm the department is working with had identified as responsible for the incident "a highly sophisticated group known to conduct complex cyberattacks." READ MORE...
Critical Code Execution Vulnerability Patched in Pulse Connect Secure
IT management and security company Ivanti this week released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges. Tracked as CVE-2021-22937 (CVSS score of 9.1), the issue is in fact a bypass of the patch released in October last year for CVE-2020-8260, a high-severity remote code execution flaw in the admin web interface of Pulse Connect Secure. READ MORE...
Prometheus TDS - Underground Service Distributing Several Malware Families
Group-IB security researchers have shared a technical analysis of Prometheus TDS, an underground service that over the past several months has been used for the distribution of various malware families, such as Buer Loader, Campo Loader, Hancitor, IcedID, QBot, and SocGholish. Prometheus TDS (Traffic Direction System) is a malware-as-a-service (MaaS) solution that has been promoted on underground forums since August 2020. READ MORE...
Linux version of BlackMatter ransomware targets VMware ESXi servers
The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. The enterprise is increasingly moving to virtual machines for their servers for better resource management and disaster recovery. With VMware ESXi being the most popular virtual machine platform, almost every enterprise-targeting ransomware operation has begun to release encryptors that specifically target its virtual machines. READ MORE...
MacOS Flaw in Telegram Retrieves Deleted Messages
A vulnerability in a high-level privacy feature of Telegram on macOS that sets up a "self-destruct" timer for messages on both the sender's and recipient's devices can allow someone to retrieve these messages even after they've been deleted, a researcher has found. Reegun Richard Jayapaul, Trustwave SpiderLabs Lead Threat Architect, discovered the flaw in the Self-Destruct feature of Telegram MacOS, which is part of the Secret-Chats aspect of the messaging app that uses end-to-end encryption. READ MORE...
Report Draws Attention to Vulnerabilities in Commercial-Off-the-Shelf Products
The vast majority of commercial-off-the-shelf products examined in a new report contain at least one cybersecurity vulnerability at the highest severity ranking, something the report's authors say should compel their customers, including the government, to employ software bills of materials. GrammaTech, an application security testing firm that generates SBOMs and would benefit from greater demand for them, published the report Wednesday in partnership with cybersecurity consultant Osterman Research. READ MORE...
HTTP/2 Implementation Errors Exposing Websites to Serious Risks
Implementation flaws and imperfections in the technical specifications around HTTP/2 are exposing websites using the network protocol to a brand-new set of risks, a security researcher warned in a presentation at Black Hat USA Thursday. Researcher James Kettle this week showed how similar attacks could be carried out with potentially severe consequences against websites using the HTTP/2 standard. READ MORE...
- ...in 1911, actress and television producer Lucille Ball is born in Jamestown, NY.
- ...in 1965, President Lyndon B. Johnson signs the Voting Rights Act of 1965, extending the enforcement of the 14th and 15th Amendments for all Americans.
- ...in 1996, the influential punk rock group The Ramones play their farewell concert at The Palace in Los Angeles.
- ...in 2012, Cadre moves to its current headquarters in the PNC Center in Cincinnati.