Title: Nearly 30% of Critical WordPress Plugin Bugs Don’t Get a Patch
Date Published: March 9, 2022
Excerpt: “Patchstack, a leader in WordPress security and threat intelligence, has released a whitepaper to present the state of WordPress security in 2021, and the report paints a dire picture. More specifically, 2021 has seen a growth of 150% in the reported vulnerabilities compared to the previous year, while 29% of the critical flaws in WordPress plugins never received a security update.”
Title: TLStorm Flaws Allow to Remotely Manipulate the Power of Millions of Enterprise UPS Devices
Date Published: March 10, 2022
https://securityaffairs.co/wordpress/128867/hacking/tlstorm-flaws-ups-devices.html
Excerpt: “Researchers from IoT security company Armis have discovered three high-impact security flaws, collectively tracked as TLStorm, affecting APC Smart-UPS devices. The flaws can allow remote attackers to manipulate the power of millions of enterprise devices carrying out extreme cyber-physical attacks.”
Title: APT41 Spies Broke Into 6 US State Networks via a Livestock App
Date Published: March 9, 2022
https://threatpost.com/apt41-spies-broke-into-6-us-state-networks-via-livestock-app/178838/
Excerpt: “USAHerds – an app used (PDF) by farmers to speed their response to diseases and other threats to their livestock – has itself become an infection vector, used to pry open at least six U.S. state networks by one of China’s most prolific state-sponsored espionage groups. In a report published by Mandiant on Tuesday, researchers described a prolonged incursion conducted by APT41. They detected the activity in May 2021 and tracked it through last month, February 2022, observing the spy group pry open vulnerable, internet-facing web apps that were often written in ASP.NET.”
Title: ITOps Teams are Getting Buried Beneath too Many Disparate Solutions for Endpoint Management
Date Published: March 10, 2022
https://www.helpnetsecurity.com/2022/03/10/keeping-endpoints-updated/
Excerpt: “Automox released the findings of a report which revealed that keeping endpoints continuously updated and secure has become even more challenging since the Automox 2021 report, and that organizations are continuing to struggle with the complexity of using multiple legacy tools to manage and secure today’s anywhere-everywhere work environment.”
Title: Former US Cyber Official Warns of Russian War Repercussions
Date Published: March 9, 2022
https://www.bankinfosecurity.com/former-us-cyber-official-warns-russian-war-repercussions-a-18687
Excerpt: “A former top U.S. cybersecurity official warns that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies.”
Title: New Exploit Bypasses Existing Spectre-v2 Mitigations in Intel, AMD, Arm CPUs
Date Published: March 10, 2022
https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html
Excerpt: “Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.”
Title: Finance Among Best-Prepared Sectors for Cyberattacks, but Falls Short in Other Areas
Date Published: March 10, 2022
Excerpt: “IT security professionals at financial institutions are better-prepared than their peers in many other industries, but they are still not performing as well as they should be when responding to cyberattacks, according to a report released Wednesday. Lack of speed in response to major hacks typically causes large enterprises overall to be “left exposed by a three-month gap in human cyber capabilities after threats break,” according to a release announcing the findings of the inaugural “Cyber Workforce Benchmark” report by Immersive Labs, which develops platforms to track and analyze the productivity of enterprise cyber professionals. (Log4j is an exception. Cybersecurity teams across the board were able to develop their cyber workers to respond within just two days to this recent pervasive threat.)”
Title: CISA Updates Conti Ransomware Alert with Nearly 100 Domain Names
Date Published: March 9, 2022
Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated the alert on Conti ransomware with indicators of compromise (IoCs) consisting of close to 100 domain names used in malicious operations. Originally published on September 22, 2021, the advisory includes details observed by CISA and the Federal Bureau of Investigation (FBI) in Conti ransomware attacks targeting organizations in the U.S. The updated cybersecurity advisory contains data from the U.S. Secret Service.”
Title: New Emotet Botnet is Rapidly Growing, with +130K Unique Bots Spread Across 179 Countries
Date Published: March 10, 2022
https://securityaffairs.co/wordpress/128879/breaking-news/emotet-botnet-rapidly-growing.html
Excerpt: “The Emotet botnet continues to grow and has infected approximately 130,000 hosts since its resurrection in November 2021.Early 2021, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.”
Title: Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
Date Published: March 10, 2022
https://threatpost.com/qakbot-botnet-sprouts-fangs-injects-malware-into-email-threads/178845/
Excerpt: “The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking – an attack in which malware operators malspam replies to ongoing email threads.”