IT Security Newsletter - 9/9/2022
North Korea's Lazarus Targets Energy Firms With Three RATs
For roughly six months, the North Korean Lazarus hacking group has been targeting energy companies in Canada, the US, and Japan with three remote access trojans (RATs), Cisco reports. Active since at least 2009, also referred to as Hidden Cobra, and believed to be backed by the North Korean government, Lazarus has orchestrated various high-profile attacks, including the Ronin $600 million cryptocurrency heist and the $100 million hack of Harmony's Horizon Bridge. READ MORE...
Feds claw back $30 million of cryptocurrency stolen by North Korean hackers
Cryptocurrency analytics firm Chainalysis said on Thursday that it helped the US government seize $30 million worth of digital coins that North Korean-backed hackers stole earlier this year from the developer of the non-fungible token-based game Axie Infinite. When accounting for the more than 50 percent fall in cryptocurrency prices since the theft occurred in March, the seizure represents only about 12 percent of the total funds stolen. READ MORE...
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources. The severity of the vulnerability is merely "important", as its exploitation requires additional access and/or privilege, but ConnectWise recommends administrators of on-premise instances to patch as soon as possible. READ MORE...
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN
Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers. Those small-biz routers - the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router - have reached their end-of-life (EoL) and the networking vendor is recommending customers upgrade to devices that aren't vulnerable. READ MORE...
Bumblebee malware adds post-exploitation tool for stealthy infections
A new version of the Bumblebee malware loader has been spotted in the wild, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory. Bumblebee was discovered in April, involved in phishing campaigns believed to be orchestrated by the same actors behind BazarLoader and TrickBot, i.e., the Conti syndicate. READ MORE...
New 'Shikitega' Linux Malware Grabs Complete Control of Infected Systems
Security researchers with AT&T Alien Labs are warning of a new piece of malware that can take full control of infected Linux systems, including Internet of Things (IoT) devices. Dubbed Shikitega, the threat is delivered as part of a multi-stage infection chain, where each step is responsible for a part of the payload and fetches and executes the next module. READ MORE...
Over 80% of the top websites leak user searches to advertisers
Security researchers have found that roughly eight out of ten websites featuring a search bar will leak their visitor's search terms to online advertisers like Google. This practice has the implication of breaching the users' privacy and leaking sensitive information to a massive network of third parties who can then use this data to deliver targeted advertisements or track your behavior on the web. READ MORE...
Researchers warn older D-Link routers are under threat from Mirai malware variant
Threat actors are exploiting vulnerabilities in D-Link routers to spread a variant of Mirai malware called MooBot, which targets exposed networking devices running Linux, according to research released Tuesday from Palo Alto Networks' Unit 42. Though the manufacturer has published security bulletins for the vulnerabilities, users may be running older or unpatched versions of D-Link devices, according to the report. READ MORE...
- ...in 1776, the Continental Congress formally declares the name of the new nation to be the "United States" of America.
- ...in 1850, California becomes the 31st state.
- ...in 1956, Elvis Presley makes his first appearance on The Ed Sullivan Show.
- ...in 1965, Los Angeles Dodgers pitcher Sandy Koufax, a former UC Basketball player, pitches the eighth perfect game in major league history.