News – January 2022


  • Hackers take over diplomat’s email, target Russian deputy minister

    January 12, 2022

    Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions. One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible ...

  • Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

    January 11, 2022

    This joint Cybersecurity Advisory (CSA)—authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA)—is part of our continuing cybersecurity mission to warn organizations of cyber threats and help the cybersecurity community reduce the risk presented by these threats. This CSA provides an overview of Russian state-sponsored ...

  • noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds

    January 11, 2022

    Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (also referred to as “noPac”) was released. The exploit ...

  • Millions of Routers Exposed to RCE by USB Kernel Bug

    January 11, 2022

    Millions of popular end-user routers are at risk of remote code execution (RCE) due to a high-severity flaw in the KCodes NetUSB kernel module. The module enables remote devices to connect to routers over IP and access any USB devices (such as printers, speakers, webcams, flash drives and other peripherals) that are plugged into them. This ...

  • Make sure you’re up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

    January 11, 2022

    Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the security hole, which was discovered and privately disclosed by Rapid7’s Jake Baines to Sonicwall in October. If ...

  • LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

    January 11, 2022

    Our LoRaWAN security series has so far outlined multiple security flaws, vulnerability issues, and entry vectors that attackers have been known to use. In this fourth part of the series, we talk about an attack vector that, so far, has not attracted much attention: the LoRaWAN stack. Although it is not a typical target, it ...

  • DDoS Attack Trends for Q4 2021

    January 11, 2022

    The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organizations, and credit unions, to name a few. The ...

  • What to Include in a Cybersecurity Disaster Recovery Plan

    January 11, 2022

    If the unthinkable were to happen to your business, what’s your disaster recovery plan? If bad actors were to inject ransomware into your system, what’s your process for a return to normal working? Google the words “What do I do if I have a cybersecurity breach” and the first twenty results will start with the ...

  • Danish intelligence chief held over suspected information leaks

    January 10, 2022

    The head of Denmark’s foreign intelligence unit, Lars Findsen, has been remanded in custody over his involvement in a case of “highly classified” information leaks, public broadcaster DR reported on Monday. Denmark’s two intelligence services have been thrown into disarray since four current and former employees were detained in December over allegations of leaking highly classified ...

  • Indian Patchwork hacking group infects itself with remote access Trojan

    January 10, 2022

    An Indian threat group’s inner workings have been exposed after it accidentally infected its own development environment with a remote access Trojan (RAT). Dubbed Patchwork by Malwarebytes and tracked under names including Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, the Indian group has been on the scene since at least 2015 and is actively launching campaigns ...

  • California town announces data breach involving police department, loan provider

    January 10, 2022

    Grass Valley, California has announced an extensive data breach involving the Social Security numbers and more of all city employees and vendors — as well as anyone who had their information given to the local police department. The city said in a notice that Social Security numbers, driver’s license numbers, and health insurance information were leaked ...

  • Microsoft: powerdir bug gives access to protected macOS user data

    January 10, 2022

    Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users’ protected data. The Microsoft 365 Defender Research Team reported the vulnerability, dubbed powerdir (tracked as CVE-2021-30970), to Apple on July 15, 2021, via Microsoft Security Vulnerability Research (MSVR). TCC is security tech designed to block ...

  • Uncovering and Defending Systems Against Attacks With Layers of Remote Control

    January 10, 2022

    As organizations brace themselves for the year ahead, now is an opportune time to take stock of how they can strengthen their security posture and shore up their defenses. While organizations may have the power of leading-edge cybersecurity solutions on their side, malicious actors continue to work diligently to refine their methods and take advantage ...

  • Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin

    January 10, 2022

    Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in the Chitubox AnyCubic plugin. Chitubox is 3-D printing software for users to download and process models and send them to a 3-D printer. The specific AnyCubic plugin allows the software to convert the output of the Chitubox slicer (general format files) into the format expected ...

  • FBI: Cyber criminals are mailing out USB drives that install ransomware

    January 10, 2022

    A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type ...