IT Security Newsletter - 9/29/2021
Latest FinFisher spyware upgrades 'particularly worrying,' says Kaspersky
Kaspersky has presented the findings of an eight-month probe into the FinFisher spyware toolset - including the discovery of a UEFI "bootkit" infection method and "advanced anti-analysis methods" such as "four-layer obfuscation." FinFisher, also known as FinSpy, is a product from Anglo-German spy firm Gamma International and supplied exclusively to law enforcement and intelligence agencies for use as a surveillance tool. READ MORE...
75K Email Inboxes Hit in New Credential Phishing Campaign
Some 75,000 email inboxes have been impacted so far in what appears to be an email phishing campaign motivated by credential harvesting. Security researchers from Armorblox this week reported observing the attack on customer systems across Office 365, Microsoft Exchange, and Google Workspace environments. Many of the attacks involved the threat actors targeting small groups of employees from different departments within an organization in an apparent attempt to keep a low profile. READ MORE...
The Rise of One-Time Password Interception Bots
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets. READ MORE...
Colossus Ransomware Hits Automotive Company in the U.S.
A new ransomware family called Colossus has snagged at least one victim in the United States as of last week, according to security researchers at ZeroFox. Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data. The cybercriminals have directed the victim to contact them via a "support page" on a custom domain. READ MORE...
NSA, CISA share VPN security tips to defend against hackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions. The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems. READ MORE...
Microsoft 365 MFA outage locks users out of their accounts
Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) issue preventing some customers from logging into their Microsoft 365 accounts. "We're investigating an issue with Multi-Factor Authentication that is preventing some users from accessing Microsoft 365 services. Additional information will be provided in the admin center under MO287933," the company tweeted. READ MORE...
Most Third-Party Cloud Containers Have Vulnerabilities
The vast majority of third-party code used in cloud infrastructure contains vulnerabilities and misconfigurations, which could leave organizations exposed to attack, according to Palo Alto Networks. The security vendor's Unit 42 Cloud Threat Report 2H 2021 used data from various public sources to better understand the threat from cloud software supply chains. READ MORE...
FoggyWeb, analysis of a Nobelium backdoor
Microsoft's Threat Intelligence Center has been analyzing a custom-built backdoor that has been used by the Nobelium group since April 2021. Nobelium is the name given to the threat actor behind the attacks against SolarWinds, the Sunburst backdoor, TEARDROP malware, GoldMax malware, and other related components. The backdoor, which aims to steal the configuration database of a server, has been dubbed FoggyWeb by Microsoft. READ MORE...
CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday informed organizations that some cameras made by Chinese video surveillance vendor Hikvision are affected by a critical vulnerability. The notification came shortly after the Federal Communications Commission (FCC) announced taking steps toward the removal of Chinese equipment from U.S. networks due to national security concerns stemming from alleged ties between manufacturers and the Chinese government. READ MORE...
- ...in 1942, actor Ian McShane ("Deadwood", "Lovejoy") is born in Lancashire, England.
- ...in 1963, Les Claypool, bass player and lead singer of alternative rock band Primus, is born in Richmond, CA.
- ...in 1966, Chevrolet introduces the Camaro, which went on to become one of the iconic "muscle cars" of the mid-20th century.
- ...in 1988, Stacy Allison of Portland, OR becomes the first American woman to reach the summit of Mount Everest.