This posting is here to collect cyber security news in July 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
260 Comments
Tomi Engdahl says:
Albania shuts down government websites, services due to wide ranging cyberattack https://therecord.media/albania-shuts-down-government-websites-services-due-to-wide-ranging-cyberattack/
The government of Albania has been forced to take its websites offline due to a cyberattack, just a few months after shifting most public sector services to an online portal. In a statement shared with local news outlets, Albania’s National Agency of Information Society said it was “forced to temporarily close access to online public services and other government websites” because of a “synchronized and sophisticated cybercriminal attack from outside Albania.”
Tomi Engdahl says:
Google Boots Multiple Malware-laced Android Apps from Marketplace https://threatpost.com/google-boots-malware-marketplace/180241/
Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads.
Tomi Engdahl says:
Torvalds: Linux kernel team has sorted Retbleed chip flaw https://www.theregister.com/2022/07/17/linux_5_19_rc7/
Linux kernel developers have addressed the Retbleed speculative execution bug in older Intel and AMD silicon, but the fix wasn’t straightforward, so emperor penguin Linus Torvalds has delayed delivery of the next version by a week.
Tomi Engdahl says:
Did you get this text message from the Tax Administration? Don't click the link https://www.is.fi/digitoday/tietoturva/art-2000008950075.htm
SCAM messages are circulating in the name of the TAX ADMINISTRATION (Verohallinto), trying to get the recipient to click a link in the message. The Tax Administration warns about this on Facebook and Twitter. The message claims that the tax authorities have decided to grant the recipient a refund. To receive it, the recipient must press the link at the end of the message.
Tomi Engdahl says:
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software https://thehackernews.com/2022/07/hackers-targeting-voip-servers-by.html
VoIP phones using Digium’s software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. “The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system,” Palo Alto Networks Unit 42 said in a Friday report. The unusual activity is said to have commenced in mid-December 2021 and targets Asterisk, a widely used software implementation of a private branch exchange (PBX) that runs on the open-source Elastix Unified Communications Server.
Tomi Engdahl says:
New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html
Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. “Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain,” Bishop Fox said in an advisory published this week.
https://bishopfox.com/blog/netwrix-auditor-advisory
Tomi Engdahl says:
Russia is banning crypto payments
https://www.protocol.com/bulletins/russia-ban-crypto-payments
Russian President Vladimir Putin approved a law Friday prohibiting the use of digital assets as forms of payments in Russia. The legislation will reportedly prohibit the transfer or acceptance of “digital financial assets as a consideration for transferred goods, performed works, rendered services, as well as in any other way that allows one to assume payment for goods (works, services) by a digital financial asset, except as otherwise provided by federal laws,” effectively banning the use of crypto or NFTs as forms of payments.
Tomi Engdahl says:
Russia fines Google 360 million, demands the company hide content related to the “special operation” https://www.is.fi/digitoday/art-2000008954215.html
A RUSSIAN court has imposed a fine of 21 billion roubles, about 360 million euros, on technology giant Google.
According to Roskomnadzor, which supervises the media in Russia, Google and its subsidiary YouTube have not agreed to remove “prohibited material” from their platforms. In practice this means all anti-Kremlin information, and especially material dealing with Russia's war of aggression in Ukraine. The authority demands that Google remove from its platforms all material that deals with Russia's “special operation”, supports “terrorism and extremism”, promotes “topics dangerous to the life and health of minors” or promotes “participation in prohibited mass events”.
Tomi Engdahl says:
Roblox breached: Internal documents posted online by unknown attackers https://blog.malwarebytes.com/cybercrime/2022/07/roblox-breached-internal-documents-posted-online-by-unknown-attackers/
A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data they’ve collected.
Tomi Engdahl says:
Popular vehicle GPS tracker gives hackers admin privileges over SMS https://www.bleepingcomputer.com/news/security/popular-vehicle-gps-tracker-gives-hackers-admin-privileges-over-sms/
Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries. A total of six vulnerabilities affect the MiCODUS MV720 device, which is present in vehicles used by several Fortune 50 firms, governments in Europe, states in the U.S., a military agency in South America, and a nuclear plant operator. The risks stemming from the findings are significant and impact both privacy and security. A hacker compromising an MV720 device could use it for tracking or even immobilizing the vehicle carrying it, or to collect information about the routes, and manipulate data. For example, MiCODUS GPS trackers are used by the state-owned Ukrainian transportation agency, so Russian hackers could target them to determine supply routes, troop movements, or patrol routes, researchers at cybersecurity company BitSight say in a report today.
Tomi Engdahl says:
Belgium says Chinese hackers attacked its Ministry of Defense https://www.bleepingcomputer.com/news/security/belgium-says-chinese-hackers-attacked-its-ministry-of-defense/
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Interior and the Belgian Defence,” the foreign minister said. The cyberespionage groups named in the Belgian Government statement are APT27, APT30, APT31, and a fourth threat group tracked under multiple names, including Gallium, Softcell, and UNSC 2814.
Tomi Engdahl says:
Hackers steal 50,000 credit cards from 300 U.S. restaurants https://www.bleepingcomputer.com/news/security/hackers-steal-50-000-credit-cards-from-300-us-restaurants/
Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms. Web-skimmers, or Magecart malware, are typically JavaScript code that collects credit card data when online shoppers type it on the checkout page.
Tomi Engdahl says:
Air-gapped systems leak data via SATA cable WiFi antennas https://www.bleepingcomputer.com/news/security/air-gapped-systems-leak-data-via-sata-cable-wifi-antennas/
A security researcher has found a new way to steal data from air-gapped systems by using serial ATA (SATA) cables present inside most computers as a wireless antenna that sends out data via radio signals. For a SATAn attack to succeed, an attacker first needs to infect the target air-gapped system. While this is not an easy task, there are reports of physical initial compromise since 2010, Stuxnet being the most notorious one. The piece of malware planted on an air-gapped network can target the sensitive information and prepare it for exfiltration by modulating and encoding it. The researcher found that SATA cables in computers can deliver over a radio channel between 5.9995 and 5.9996 GHz electromagnetic signals that correspond to specific characters.
Tomi Engdahl says:
Savo network company suspects a cyberattack as the cause of customers' connection problems, also affects other operators https://yle.fi/uutiset/3-12536783?origin=rss
Savon Kuitu customers using a certain older model of terminal device have had network connection problems in recent days. According to the company, the device has been the target of a denial-of-service attack. The network connections of Savon Kuitu customers using the roughly seven-year-old Inteno FG500 device have been dropping over the past few days, or there has been no internet access at all. According to Savon Kuitu CEO Risto Carlson, the perpetrator of the cyberattack is not known. He estimates, however, that the attack most likely comes from abroad.
The connection problems affect a little over a hundred Savon Kuitu customers. According to Carlson, however, the problem is broader than a single company.
According to the device manufacturer, other operators whose customers use this device have similar problems, Carlson says.
Tomi Engdahl says:
New malware with millions of downloads: you didn't install these apps, did you?
https://www.is.fi/digitoday/tietoturva/art-2000008946989.html
According to Ingrao, the Autolycos family program works more or less like a conventional subscription scam, i.e. it makes expensive subscriptions to various services on behalf of the downloader without asking. The apps open various subscription pages in the background, carry out paid subscriptions over the mobile connection, steal data from the phone and, on top of everything, hide the notifications related to these steps.
Ingrao says he found a total of eight apps containing the program, two of which were until recently available in Google's app store. The apps have a combined total of more than three million downloads. In addition, the scammers churning out the apps create, for example, Facebook and Instagram pages and buy ads on both platforms to lend credibility to the malware-laden apps.
Tomi Engdahl says:
Password recovery tool infects industrial systems with Sality malware https://www.bleepingcomputer.com/news/security/password-recovery-tool-infects-industrial-systems-with-sality-malware/
A threat actor is infecting industrial control systems (ICS) to create a botnet through password “cracking” software for programmable logic controllers (PLCs). Advertised on various social media platforms, the password recovery tools promise to unlock PLC and HMI (human-machine interface) terminals from Automation Direct, Omron, Siemens, Fuji Electric, Mitsubishi, LG, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic. [..] But behind the scenes the tool also dropped Sality, a piece of malware that creates a peer-to-peer botnet for various tasks that require the power of distributed computing to complete faster (e.g. password cracking, cryptocurrency mining).
Tomi Engdahl says:
Attackers scan 1.6 million WordPress sites for vulnerable plugin https://www.bleepingcomputer.com/news/security/attackers-scan-16-million-wordpress-sites-for-vulnerable-plugin/
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The attackers are targeting the Kaswara Modern WPBakery Page Builder, which has been abandoned by its author before receiving a patch for a critical severity flaw tracked as CVE-2021-24284.
Tomi Engdahl says:
More than 4,000 individuals’ medical data left exposed for 16 years https://portswigger.net/daily-swig/more-than-4-000-individuals-medical-data-left-exposed-for-16-years
The private health information of more than 4,000 patients was left exposed for 16 years by a US medical transplant center. Virginia Commonwealth University Health System (VCU) announced that sensitive data belonging to both transplant donors and recipients was available to view by others on a patient portal since 2006.
Tomi Engdahl says:
Chinese hackers targeted US reporters before Capitol attack and Russian invasion, report finds https://therecord.media/chinese-hackers-targeted-us-reporters-before-capitol-attack-and-russian-invasion-report-finds/
Chinese-aligned hackers targeted White House correspondents and other U.S. political reporters in the run-up to the January 6, 2021 attack on the U.S. Capitol as well as the Russian invasion of Ukraine, according to a new report from cybersecurity firm Proofpoint. The threat actor Proofpoint tracks as TA412 carried out a series of phishing attempts targeting U.S.-based journalists since early 2021, according to the report. Researchers believe the attackers are aligned with Chinese government interests. In 2020, Microsoft reported the threat actor, which it dubbed Zirconium, had targeted those connected to the U.S. presidential campaign as well as at think tanks that focused on international relations.
Tomi Engdahl says:
United States caught in massive surveillance operation: citizens' phones were monitored without permission https://www.tivi.fi/uutiset/tv/fc573c24-b473-4971-89cc-adae4be683fc
The US Department of Homeland Security has bought location data of the country's citizens' phones from third-party data brokers. Companies such as Venntel and Babel Street collect users' data through common apps and sell it on, Rolling Stone writes. According to Politico, data was collected from apps on hundreds of millions of phones, through which the department got its hands on more than 336,000 location points across North America. The authorities sought to circumvent a ruling of the country's Supreme Court according to which a court order is required to track the location of phones. The data collection has been massive. In just three days in 2018, Customs and Border Protection collected data on more than 113,000 locations in the southwestern United States. The authorities gathered, without permission, as many as 26 locations per minute.
Tomi Engdahl says:
Denmark bans Chromebooks and Google cloud services in the country's schools
https://www.tivi.fi/uutiset/tv/ef7146c4-9ff2-4883-8f9d-73d2c85338d1
Denmark has banned the use of Google Workspace cloud services in the country's schools. The decision was made at the conclusion of a review carried out in the municipality of Helsingør that examined the risks related to the user data collected by Google. The country's data protection authority Datatilsynet has found that Google's services do not comply with Europe's strict GDPR regulation. According to it, Google's terms of use grant the company permission to process the collected data in other countries even though the data itself is stored in European data centers.
Tomi Engdahl says:
Hacking group ’8220′ grows cloud botnet to more than 30,000 hosts https://www.bleepingcomputer.com/news/security/hacking-group-8220-grows-cloud-botnet-to-more-than-30-000-hosts/
A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Alitun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache. Previous attacks from this gang relied on a publicly available exploit to compromise Confluence servers.
Tomi Engdahl says:
UK heat wave causes Google and Oracle cloud outages https://www.bleepingcomputer.com/news/security/uk-heat-wave-causes-google-and-oracle-cloud-outages/
An ongoing heatwave in the United Kingdom has led to Google Cloud and Oracle Cloud outages after cooling systems failed at the companies’ data centers. However, today, with temperatures reaching a record-breaking 40.2 degrees Celsius (104.4 Fahrenheit), cooling systems at data centers used by Google and Oracle to host their cloud infrastructure have begun to fail. To prevent permanent damage to hardware components and thus create a prolonged outage, both Google and Oracle have shut down equipment, leading to outages in their cloud services.
Tomi Engdahl says:
Thailand admits to using phone spyware, cites national security https://www.reuters.com/world/asia-pacific/thailand-admits-using-phone-spyware-cites-national-security-2022-07-20/
BANGKOK, July 20 (Reuters) – A Thai minister has admitted the country uses surveillance software to track individuals in cases involving national security or drugs, amid revelations that government critics’ phones had been hacked using the Israeli-made Pegasus spyware.
Minister of Digital Economy and Society, Chaiwut Thanakamanusorn, said in parliament late on Tuesday that he is aware of Thai authorities using spyware in “limited” cases but did not specify which government agency used such software, which programme was used or which individuals targeted.
Tomi Engdahl says:
Google ads lead to major malvertising campaign https://blog.malwarebytes.com/threat-intelligence/2022/07/google-ads-lead-to-major-malvertising-campaign/
Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that goes mainstream and targets some of the world’s top brands. Case in point, we recently uncovered a malvertising chain abusing Google’s ad network to redirect visitors to an infrastructure of tech support scams.
Tomi Engdahl says:
New ‘Lightning Framework’ Linux malware installs rootkits, backdoors https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/
A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. “The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer security researcher Ryan Robinson said.
Tomi Engdahl says:
Neopets data breach exposes personal data of 69 million members https://www.bleepingcomputer.com/news/security/neopets-data-breach-exposes-personal-data-of-69-million-members/
Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members. On Tuesday, a hacker known as ‘TarTarX’ began selling the source code and database for the Neopets.com website for four bitcoins, worth approximately $94,000 at today’s prices. In a conversation with BleepingComputer, TarTarX says that they stole the database and approximately 460MB (compressed) of source code for the neopets.com website. The seller claims that this database contains the account information of over 69 million members, and in a screenshot shared with BleepingComputer, you can see the data includes members’ usernames, names, email addresses, zip code, date of birth, gender, country, an initial registration email, and other site/game-related information.
Tomi Engdahl says:
Windows 11 now blocks RDP brute-force attacks by default https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/
Recent Windows 11 builds come with the Account Lockout Policy enabled by default, which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 minutes. The account brute forcing process commonly requires guessing the passwords using automated tools. This tactic is now blocked by default on the latest Windows 11 builds (Insider Preview 22528.1000 and newer) after failing to enter the correct password 10 times in a row.
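The lockout defaults described in the post above are easy to audit on an existing machine. The script below is an added example (it is not from the original post, from BleepingComputer or from Microsoft): it reads the local Account Lockout Policy with the built-in `net accounts` command and reports whether the threshold and duration are at least as strict as the Windows 11 defaults the article states (10 failed attempts, 10 minutes). It assumes an English-language Windows, because `net accounts` prints localized labels; the function names `Get-LocalLockoutPolicy` and `Test-LockoutPolicy` are this example's own.

```powershell
# Added example, not from the original post or from Microsoft.
# Reads the local Account Lockout Policy via "net accounts" and compares it
# with the Windows 11 defaults quoted in the article (10 attempts, 10 minutes).
# Assumes an English-language Windows: the labels below are localized.

function Get-LocalLockoutPolicy {
    # "net accounts" prints lines such as
    #   Lockout threshold:                      Never   (or a number)
    #   Lockout duration (minutes):             30
    #   Lockout observation window (minutes):   30
    # A threshold of "Never" means account lockout is disabled.
    $lines = net accounts 2>$null
    $policy = @{}
    foreach ($line in $lines) {
        if ($line -match '^Lockout threshold:\s+(.+)$') {
            $policy.Threshold = $Matches[1].Trim()
        } elseif ($line -match '^Lockout duration \(minutes\):\s+(.+)$') {
            $policy.DurationMinutes = $Matches[1].Trim()
        } elseif ($line -match '^Lockout observation window \(minutes\):\s+(.+)$') {
            $policy.WindowMinutes = $Matches[1].Trim()
        }
    }
    [pscustomobject]$policy
}

function Test-LockoutPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [int] $MaxThreshold = 10,        # Windows 11 default from the article
        [int] $MinDurationMinutes = 10   # Windows 11 default from the article
    )
    $findings = @()
    if ($Policy.Threshold -eq 'Never') {
        $findings += 'Account lockout is disabled: password guessing over RDP is not rate-limited by lockout.'
    } elseif ([int]$Policy.Threshold -gt $MaxThreshold) {
        $findings += "Lockout threshold $($Policy.Threshold) is looser than the Windows 11 default of $MaxThreshold."
    }
    if ($Policy.Threshold -ne 'Never' -and [int]$Policy.DurationMinutes -lt $MinDurationMinutes) {
        $findings += "Lockout duration $($Policy.DurationMinutes) min is shorter than the Windows 11 default of $MinDurationMinutes min."
    }
    if ($findings.Count -eq 0) {
        'Lockout policy meets or exceeds the Windows 11 default.'
    } else {
        $findings
    }
}

# Usage: run in an elevated PowerShell session.
Test-LockoutPolicy -Policy (Get-LocalLockoutPolicy)
```

On a domain-joined machine the effective values come from Group Policy, so the check reflects what the domain applies to that host rather than a local setting; the same three lines are what `net accounts` reports in either case.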
Tomi Engdahl says:
China cybersecurity agency fines ride-hailing giant Didi $1.2 billion for data issues https://therecord.media/china-cybersecurity-agency-fines-ride-hailing-giant-didi-1-2-billion-for-data-issues/
China’s internet regulator on Thursday fined ride-hailing giant Didi $1.2 billion for the company’s voracious data collection policies and lackluster security protections around sensitive user information. The Cyberspace Administration of China said it concluded a network security review of the company and found “illegal activities” and violations of the country’s Network Security Law, Data Security Law and Personal Information Protection law. The fine is the largest data protection penalty issued by China, and the second-largest fine imposed on a Chinese technology firm after regulators slapped Alibaba with a $2.75 billion fine last year following an anti-monopoly probe.
Tomi Engdahl says:
Fierce heatwave hits an unexpected target: tech giants' data centers in trouble https://www.is.fi/digitoday/art-2000008957263.html
THE heatwave plaguing Europe has also sunk its claws into the tech giants' data centers. American software behemoth Oracle said on Tuesday and Wednesday that it had been forced to shut down some of the operations of its south London data center. The reason is the extreme temperatures, which have led to overloading of the centers' cooling and damage to part of the hardware.
Google has run into THE SAME problems earlier this week. In one of the company's Western European data centers, the failure of a cooling system led to damage to some customers' systems and a temporary loss of processing capacity.
Tomi Engdahl says:
European Commission sued for violating EU’s data protection rules https://www.euractiv.com/section/data-protection/news/european-commission-sued-for-violating-eus-data-protection-rules/
International data transfers across the pond were ruled illegal by the EU Court of Justice two years ago in the landmark Schrems II ruling, thus defining the interpretation of the EU’s General Data Protection Regulation. The American jurisdiction was deemed to have inadequate data protection, as US intelligence services could access the personal data of EU residents disproportionally and with no judicial remedy.
The suit was initiated by a German citizen who not only states the EU executive is illegally transferring data but claims it fails to disclose sufficient information on its data processing practices.
Tomi Engdahl says:
SolarWinds hackers now attack via Google Drive: the strikes happen unnoticed https://www.tivi.fi/uutiset/tv/7b81935b-eb97-4e7b-b249-c1c4812b24cd
The Russian hacker group behind the SolarWinds espionage campaign is now using Google Drive to distribute malware, according to Palo Alto Networks' Unit 42 research group. The group, known by the names APT29 and Cozy Bear, has also attacked embassies located in Portugal and Brazil using the same tactic, TechCrunch reports. These attacks took place during May and June. According to the researchers, the new tactic is hard to notice because of how common the services in use are. Because of the service's trustworthiness and the encryption it uses, it is extremely difficult for organizations to find activity related to the campaign.
Tomi Engdahl says:
Atlassian warns of several new critical vulnerabilities potentially being exploited in wild https://therecord.media/atlassian-warns-of-several-new-critical-vulnerabilities-potentially-being-exploited-in-wild/
Atlassian is warning its customers and partners about three different critical vulnerabilities affecting Confluence Server, Confluence Data Center as well as several other products from Bamboo, BitBucket, Fisheye and Jira. On Thursday, Atlassian warned that CVE-2022-26138, which affects the Questions For Confluence app for Confluence Server and Confluence Data Center, is “likely to be exploited in the wild” after someone “discovered and publicly disclosed the hardcoded password on Twitter.” On Wednesday, Atlassian released another advisory about two other vulnerabilities, CVE-2022-26136 and CVE-2022-26137, critical severity issues in multiple Atlassian products allowing a remote, unauthenticated attacker to bypass Servlet Filters used by first and third-party apps.
Tomi Engdahl says:
Microsoft resuming default block of Office VBA macros https://therecord.media/microsoft-resuming-default-block-of-office-vba-macros/
Microsoft confirmed that it is resuming the roll out of a popular change that blocked Visual Basic for Applications (VBA) macros by default in a variety of Office apps. The tech giant faced backlash two weeks ago after it announced a temporary decision to roll back the change, telling The Record that because of “user feedback” they decided to roll back the change “temporarily” while they “make some additional changes to enhance usability.” Macros are series of commands used to automate a repeated task, but have frequently been used by hackers as vehicles for malware.
Tomi Engdahl says:
Police warn: a tax refund can end up emptying your account
https://www.iltalehti.fi/tietoturva/a/93e480ee-0525-4559-b7c2-838769f750c4
In its press release the police say that during July they have received several reports of scams carried out in the name of the Tax Administration relating to tax refunds.
The scam messages have been sent by text message or e-mail, and they contain a link that leads to a scam site. On the scam site the recipient is asked to enter their online banking credentials, which thus end up directly with the criminals. Such a message should be deleted immediately and left unopened. If you have opened the message, do not open the attachments or links in it, because you can get malware on your computer from them, the police advise. The police also remind that bank credentials, card or personal data should never be handed over if you are not sure of the recipient.
Tomi Engdahl says:
The Unsolved Mystery Attack on Internet Cables in Paris https://www.wired.com/story/france-paris-internet-cable-cuts-attack/
BURIED DEEP BENEATH your feet lie the cables that keep the internet online. Crossing cities, countrysides, and seas, the internet backbone carries all the data needed to keep economies running and your Instagram feed scrolling. Unless, of course, someone chops the wires in half. On April 27, an unknown individual or group deliberately cut crucial long-distance internet cables across multiple sites near Paris, plunging thousands of people into a connectivity blackout. The vandalism was one of the most significant internet infrastructure attacks in France’s history and highlights the vulnerability of key communications technologies. Now, months after the attacks took place, French internet companies and telecom experts familiar with the incidents say the damage was more wide-ranging than initially reported and extra security measures are needed to prevent future attacks. In total, around 10 internet and infrastructure companies, from ISPs to cable owners, were impacted by the attacks, telecom insiders say.
Tomi Engdahl says:
U.S. probes China’s Huawei over equipment near missile silos https://www.reuters.com/world/us/exclusive-us-probes-chinas-huawei-over-equipment-near-missile-silos-2022-07-21/
The Biden administration is investigating Chinese telecoms equipment maker Huawei over concerns that U.S. cell towers fitted with its gear could capture sensitive information from military bases and missile silos that the company could then transmit to China, two people familiar with the matter said. Authorities are concerned Huawei (HWT.UL) could obtain sensitive data on military drills and the readiness status of bases and personnel via the equipment, one of the people said, requesting anonymity because the investigation is confidential and involves national security. The previously unreported probe was opened by the Commerce Department shortly after Joe Biden took office early last year, the sources said, following the implementation of rules to flesh out a May 2019 executive order that gave the agency the investigative authority.
Tomi Engdahl says:
Hospital IT melts in heatwave, leaving doctors without patient records https://www.theregister.com/2022/07/22/hospital_it_meltdown/
Doctors at Guy’s and St Thomas’ NHS Foundation Trust, one of the UK’s largest healthcare organizations, were this week left unable to access patient records and forced to cancel appointments following an IT outage caused by the extreme heatwave. Reports suggest both the trust’s datacenters suffered outages as the UK hit record temperatures on Tuesday. Air conditioning units intended to cool computer servers failed, according to sources speaking to The Guardian newspaper.
Tomi Engdahl says:
A small Canadian town is being extorted by a global ransomware gang https://www.theverge.com/2022/7/22/23274372/st-marys-canada-lockbit-ransomware-cyber-incident
The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data. The small town of around 7,500 residents seems to be the latest target of the notorious LockBit ransomware group. On July 22nd, a post on LockBit’s dark web site listed townofstmarys.com as a victim of the ransomware and previewed files that had been stolen and encrypted. In a phone call, St. Marys Mayor Al Strathdee told The Verge that the town was responding to the attack with the help of a team of experts.
Tomi Engdahl says:
Digital security giant Entrust breached by ransomware gang https://www.bleepingcomputer.com/news/security/digital-security-giant-entrust-breached-by-ransomware-gang/
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems. Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions. Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for identity management and authentication.
Tomi Engdahl says:
Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/
Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Yesterday, a threat actor known as ‘devil’ said on a stolen data market that the database contains info about various accounts, including celebrities, companies, and random users.
In a conversation with the threat actor, BleepingComputer was told that they used a vulnerability to collect the data in December 2021.
They are now selling the data for $30,000, and interested buyers have already approached them.
Tomi Engdahl says:
Massive Microsoft 365 outage caused by faulty ECS deployment https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-faulty-ecs-deployment/
In a preliminary post-incident report, Microsoft has revealed that this week’s 5-hour-long Microsoft 365 worldwide outage was triggered by a faulty Enterprise Configuration Service (ECS) deployment that led to cascading failures and availability impact across multiple regions.
ECS is an internal central configuration repository designed to enable Microsoft services to make wide-scope dynamic changes across multiple services and features, as well as targeted ones such as specific configurations per tenant or user. What initially started like a minor Microsoft Teams outage ended up expanding downstream to multiple Microsoft 365 services with Teams integration that also leverage ECS, including Exchange Online, Windows 365, and Office Online. As a result, users worldwide began reporting that they could not use Microsoft Teams and multiple Microsoft 365 services or features.
Tomi Engdahl says:
Drupal developers fixed a code execution flaw in the popular CMS https://securityaffairs.co/wordpress/133625/security/drupal-flaws-2.html
Drupal development team released security updates to fix multiple issues, including a critical code execution flaw.
Tomi Engdahl says:
Update Google Chrome now! New version includes 11 important security patches https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-google-chrome-now-new-version-includes-important-security-patches/
The latest Google Chrome update includes 11 security fixes, some of which could be exploited by an attacker to take control of an affected system. Google Chrome’s Stable channel has been updated to 103.0.5060.134 for Windows, Mac, and Linux, and the new version will roll out over the coming days/weeks.
Tomi Engdahl says:
Malware spent months hoovering up credit card details from 300 US restaurants https://blog.malwarebytes.com/awareness/2022/07/magecart-infection/
Criminal hackers have been able to steal at least 50,000 credit cards from 300 restaurants in the US, after launching two Magecart campaigns that target the MenuDrive, Harbortouch, and InTouchPOS online payment platforms.
Tomi Engdahl says:
QBot phishing uses Windows Calculator sideloading to infect devices https://www.bleepingcomputer.com/news/security/qbot-phishing-uses-windows-calculator-sideloading-to-infect-devices/
The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers.
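The comment above describes a DLL side-loading technique: a genuine Windows binary (Calculator) is run from an attacker-chosen directory so that the default DLL search order makes it load a malicious DLL sitting beside it instead of the real one from System32. The following is an added detection example, written for this page and not taken from the linked article or from any QBot analysis. It runs a simple heuristic over constructed image-load records shaped like Sysmon “Image loaded” (Event ID 7) data; the field names, the list of abused host binaries, and all sample paths are assumptions for illustration.

```python
"""Heuristic detector for DLL side-loading via a relocated Windows system binary.

Added example, not code from the article or from any malware analysis.
Event records below are CONSTRUCTED to resemble Sysmon Event ID 7 data;
the field names ("Image", "ImageLoaded") are an assumption.
"""
from pathlib import PureWindowsPath

# Directories a Windows system binary is expected to run from and to load
# its own DLLs from. Lower-cased for comparison.
TRUSTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows",
}

# Well-known Windows binaries that are attractive side-loading hosts because
# they are signed and load DLLs by name. Illustrative assumption, not exhaustive.
SYSTEM_HOSTS = {"calc.exe", "notepad.exe", "mspaint.exe", "wordpad.exe"}


def _norm_dir(path: str) -> str:
    """Return the lower-cased parent directory of a Windows path."""
    return str(PureWindowsPath(path).parent).lower()


def is_sideload(event: dict) -> bool:
    """Flag an image-load event matching the side-loading pattern.

    All three conditions must hold:
      1. the loading process is a known system host binary by file name;
      2. that host runs from a directory outside TRUSTED_DIRS (a genuine
         calc.exe lives in System32, not in a user's Temp folder);
      3. the DLL is loaded from the same directory as the host, which is
         where the default search order looks first.
    A valid Microsoft signature on the host does not clear the event:
    the host is genuine, the DLL next to it is the problem.
    """
    host = PureWindowsPath(event["Image"])
    if host.name.lower() not in SYSTEM_HOSTS:
        return False
    host_dir = _norm_dir(event["Image"])
    if host_dir in TRUSTED_DIRS:
        return False
    return _norm_dir(event["ImageLoaded"]) == host_dir


def scan(events):
    """Return the suspicious records from an iterable of image-load events."""
    return [e for e in events if is_sideload(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # benign: the real calc.exe loading a system DLL from System32
    {"Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    # suspicious: calc.exe staged in a user path, loading a DLL beside it
    {"Image": r"C:\Users\alice\AppData\Local\Temp\7c1a\calc.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\7c1a\stage.dll"},
    # benign: a relocated calc.exe still pulling its DLL from System32
    {"Image": r"D:\tools\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\user32.dll"},
    # not a system host: an ordinary application loading its own DLL is normal
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("side-load suspect:", hit["Image"], "->", hit["ImageLoaded"])
```

The check deliberately keys on where the host runs from rather than on the DLL's name, since the malicious DLL simply takes whatever name the host asks for. It relies on the default search order consulting the application directory before System32; DLLs on the KnownDLLs list are exempt from that order, so a side-loaded DLL will be one the host resolves by name outside that list.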
Tomi Engdahl says:
Lockbit ransomware gang claims to have breached the Italian Revenue Agency https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html
The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site.
Hacker group extorts small Canadian town
https://www.tivi.fi/uutiset/tv/b46d4636-2075-4e38-9842-1c7725f10042
The Canadian town of St. Marys has fallen victim to ransomware. The town’s employees have been locked out of its systems and files have been encrypted as a result of the attack.
Tomi Engdahl says:
Hackers exploited PrestaShop zero-day to breach online stores https://www.bleepingcomputer.com/news/security/hackers-exploited-prestashop-zero-day-to-breach-online-stores/
Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers’ payment information.
Tomi Engdahl says:
Wärtsilä’s IT system was hacked after its withdrawal from Russia; data ended up as a criminal group’s merchandise
https://yle.fi/uutiset/3-12549885
A criminal hacker group says it has stolen a large amount of data from the Finnish company Wärtsilä. Wärtsilä admits that the intruders gained access to invoicing and purchasing data.
Tomi Engdahl says:
Researcher finds Russia-based ransomware network with foothold in U.S https://therecord.media/researcher-finds-russia-based-ransomware-network-with-foothold-in-u-s/
A Russia-based ransomware command and control network has been found to have a foothold in at least one U.S. network, according to researchers from attack surface management firm Censys.