Cyber Security Today, Dec. 6, 2023 – Warnings about Russian-based cyber attacks, and more


Warnings about Russian-based cyber attacks, and more.

Welcome to Cyber Security Today. It’s Wednesday, December 6th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.


Two reports this week warned of the continuing cyber threat from what is believed to be a Russian military intelligence hacking group. It’s going after organizations that use Microsoft Outlook. The group has been dubbed various names by security researchers including TA422, APT28, Forest Blizzard, Fancy Bear and Strontium. According to researchers at Proofpoint, this gang is leveraging a particular unpatched Outlook vulnerability through email attachments. More recently it has also been trying to do the same through a vulnerability in the WinRAR compression utility. Some of the gang’s phishing messages pretend to be links to a Windows update.

Separately, Microsoft and Poland’s Cyber Command gave a similar warning this week about the Outlook exploit, which was patched in March.

More on Russia: Researchers at the Insikt Group issued a report on the latest online misinformation and disinformation tactics used by a Russia-linked group dubbed Doppelganger. Its continuing campaign is aimed at the U.S., Ukraine and Germany. It probably uses generative artificial intelligence applications to create deceptive news articles, the report says. The goal in each country? To erode public trust in government and increase polarization among the public.

The AlphV/BlackCat ransomware gang says it has hacked an accounts payable supplier called Tipalti. Not only is it seeking money from the company, it is also contacting Tipalti customers and threatening to leak their stolen data as an extra way of squeezing money. The crooks say they have been in the Tipalti system since September 8th.

Threat actors are still trying to exploit a critical vulnerability in Adobe ColdFusion web application servers. That’s the word from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). A patch for this vulnerability was issued in March. However, CISA recently said unidentified attackers successfully compromised two U.S. government servers over the summer. The warning is to U.S. government IT administrators, but it also applies to any organization using ColdFusion.

I’ve reported before on bad Java, Python and other code being plunked into open source repositories like GitHub, NPM, PyPI and others. Often it’s done by taking over the accounts of developers and abusing their abandoned repositories. It’s a technique called repojacking. Now comes a report that thousands of good modules written in the Go language are vulnerable to being taken over. Researchers at VulnCheck discovered more than 15,000 Go repositories of code are vulnerable because if a Go module creator decides to change their username the abandoned name is open to anyone to pick up — including a threat actor. They can then take over the username and any associated modules for malicious use. GitHub offers some, but not enough, protection against this, says the report. Go developers wanting to use other people’s modules in their work have to be careful of the modules they download.
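One defensive check a Go team can run against its own go.mod follows, as an added example that is not from the VulnCheck report or from any project named here: it lists the github.com dependencies and asks, for each, whether the owner/repo in the module path still lives where the path says. A dependency that now redirects to another owner depends on the old username staying unclaimed. The go.mod text, the owner names and the redirect table are constructed; the lookup is injected so it runs offline, and a live version would issue an HTTP request per path and follow redirects.

```go
package main

import "strings"

// GitHubDeps returns the github.com module paths named in go.mod require entries,
// whether written as one-line "require path version" or inside "require ( ... )".
func GitHubDeps(src string) []string {
	var paths []string
	for _, line := range strings.Split(src, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0]) // drop trailing comments
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // one-line form; "require (" leaves just "(" and is skipped below
		}
		if len(f) >= 2 && strings.HasPrefix(f[0], "github.com/") && strings.Count(f[0], "/") >= 2 {
			paths = append(paths, f[0])
		}
	}
	return paths
}

// Resolver answers where github.com/<owner>/<repo> lives now (owner/repo after any
// redirect) and whether it exists at all; it is injected so the audit runs offline.
type Resolver func(ownerRepo string) (final string, found bool)

// AuditGitHubDeps flags dependencies whose GitHub owner no longer matches go.mod: a
// redirect means the old username is unclaimed, a missing repo means the source is gone.
func AuditGitHubDeps(paths []string, resolve Resolver) []string {
	var findings []string
	for _, path := range paths {
		p := strings.SplitN(path, "/", 4) // github.com, owner, repo, optional subpath
		orig := p[1] + "/" + p[2]
		if final, found := resolve(orig); !found {
			findings = append(findings, path+": not found (owner renamed or repo deleted)")
		} else if !strings.EqualFold(final, orig) {
			findings = append(findings, path+": now redirects to github.com/"+final)
		}
	}
	return findings
}

// Constructed inputs: a sample go.mod and the answers a live GitHub lookup would give.
const sampleGoMod = "module example.com/app\ngo 1.21\nrequire (\n\tgithub.com/oldname/tool v1.2.0 // indirect\n\tgithub.com/stable/lib v0.4.1\n\tgolang.org/x/text v0.14.0\n)\nrequire github.com/gone/pkg v0.1.0\n"
var constructedRedirects = map[string]string{"oldname/tool": "newname/tool", "stable/lib": "stable/lib"}
func lookupConstructed(ownerRepo string) (string, bool) {
	final, ok := constructedRedirects[ownerRepo] // gone/pkg is absent, i.e. not found
	return final, ok
}

// RunSample audits the constructed go.mod; expect findings for oldname/tool and gone/pkg.
func RunSample() []string { return AuditGitHubDeps(GitHubDeps(sampleGoMod), lookupConstructed) }
```

A finding is a prompt to pin the dependency to a verified go.sum checksum and update the import path to the owner's current location, not proof of compromise.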

Finally, the iPhone’s Lockdown Mode offers extra protection to users who have serious security concerns about their smartphone being hacked. However, researchers at Jamf Threat Labs have discovered a way the protection can be bypassed on an already compromised iPhone. Essentially, malware that was installed before the user turns on Lockdown Mode can make the phone owner think the mode has been enabled and that they are protected. First, Lockdown Mode shouldn’t be turned on unless you are a potential target, like a reporter, a government official or a corporate executive. No one has been seen using this tactic yet. But remember, turning on Lockdown Mode may not give the automatic protection hoped for. One defence: make sure your iPhone always installs the latest security patches.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Dec. 6, 2023 – Warnings about Russian-based cyber attacks, and more first appeared on IT World Canada.
Howard Solomon (https://www.itworldcanada.com)
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
