
IT Security Newsletter - 9/28/2022


Top News

Meta busts first Chinese campaign prodding US midterms

Meta says it has disrupted a misinformation network targeting US political discourse ahead of the 2022 midterm elections - and one that sought to influence public opinion in Europe about the conflict in Ukraine. The internet giant says this is the first instance it has found of a Chinese-based source using its platforms for such purposes, although it was careful to point out that while the posts came from China, the acts are not necessarily part of a government-led program.


Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company's systems. In a notification to the Maine Attorney General's office, the Fort Worth, Texas-based company said the breach occurred on June 8 and it was discovered the same day. It said only 369 people are affected.


Meta Disables Russian Propaganda Network Targeting Europe

A sprawling disinformation network originating in Russia sought to use hundreds of fake social media accounts and dozens of sham news websites to spread Kremlin talking points about the invasion of Ukraine, Meta revealed Tuesday. The company, which owns Facebook and Instagram, said it identified and disabled the operation before it was able to gain a large audience. Nonetheless, Facebook said it was the largest and most complex Russian propaganda effort that it has found since the invasion began.

Australia asks FBI to help find attacker who stole data from millions of users

Australian authorities have asked the United States Federal Bureau of Investigation (FBI) to assist with investigations into the data breach at local telco Optus. Attorney general Mark Dreyfus yesterday revealed the FBI was asked to help identify the entities involved in the attack, which saw Optus leak data describing over ten million account holders. Data suspected to have been accessed included drivers licence details, passport numbers, email addresses and phone numbers.

Software Updates

Sophos fixes critical firewall hole exploited by miscreants

A critical code-injection vulnerability in Sophos Firewall has been fixed - but not before miscreants found and exploited the bug. The flaw, tracked as CVE-2022-3236, exists in the User Portal and Webadmin components of the firewall in versions 19.0 and older. While it hasn't been issued a CVSS severity score, Sophos deemed it "critical" and noted that it allowed for remote code execution.


New NullMixer dropper infects your PC with a dozen malware families

A new malware dropper named 'NullMixer' is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results. NullMixer acts as an infection funnel, using a single Windows executable to launch a dozen different malware families, leading to over two dozen infections running on a single device.

Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Researchers are warning that Lazarus has expanded its campaign using fake jobs with cryptocurrency exchanges to trick macOS users into downloading malware. Just last month, researchers observed Lazarus using Coinbase job openings to trick macOS users into downloading malware. Now, SentinelOne says the same threat group has expanded its phishing campaign to include fraudulent job postings at another cryptocurrency exchange, Crypto[.]com.

Information Security

WhatsApp "zero-day exploit" news scare - what you need to know

For the last day or two, our news feed has been buzzing with warnings about WhatsApp. We saw many reports linking to two tweets that claimed the existence of two zero-day security holes in WhatsApp, giving their bug IDs as CVE-2022-36934 and CVE-2022-27492. One article, apparently based on those tweets, breathlessly insisted not only that these were zero-day bugs, but also that they'd been discovered internally and fixed by the WhatsApp team itself.


Exchange servers abused for spam through malicious OAuth applications

Microsoft has published a security blog about an investigation into an attack in which threat actors used malicious OAuth applications to abuse Exchange servers for their spam campaign. The threat actor behind this attack has been active for many years, and has been running spam campaigns using various methods that provided them with high volume spamming opportunities.

Flaw in some ManageEngine apps is being actively exploited, says CISA

CISA (the Cybersecurity and Infrastructure Security Agency) recently added CVE-2022-35405, a remote code execution (RCE) vulnerability affecting Zoho ManageEngine PAM360 (versions 5500 and earlier), Password Manager Pro (versions 12100 and earlier), and Access Manager Plus (versions 4302 and earlier), to its Known Exploited Vulnerabilities (KEV) Catalog, a list of known CVEs that carry significant risk to the federal enterprise.

On This Date

  • ...in 1867, the US takes control of Midway Island.
  • ...in 1924, a team of US Army aviators completes the first ever aerial circumnavigation of the world, covering 27,553 miles in 175 days.
  • ...in 1959, Explorer VI, the U.S. satellite, takes the first video pictures of Earth.
  • ...in 2008, SpaceX launches the first private spacecraft, Falcon 1.