22-Sep-23: In Security News Today

Hackers Given Access to Voting Equipment for Security Testing

Election machine manufacturers in the US have allowed ethical hackers to test their voting equipment in an effort to improve security ahead of the 2020 Presidential Election. The Election Security Research Forum featured penetration testing and bug research on digital scanners, ballot marking devices, and electronic pollbooks. This marks the first time manufacturers have voluntarily offered their systems for third-party review, aiming to make the democratic process more resilient and trustworthy.

Security Breach at Lakeland Community College Affects Over 285,000 Individuals

Lakeland Community College recently disclosed a security breach that occurred between March 7 and March 31, affecting over 285,000 individuals. The breach exposed sensitive information such as social security numbers, driver’s license numbers, financial account information, and medical information. Despite the breach, there have been no reports of identity fraud or misuse of information directly resulting from the incident.

High-Tech Manufacturer Exail Technologies Exposes File with Database Credentials

Exail Technologies, a high-tech manufacturer, inadvertently exposed a file containing database credentials on its website. The file, which was publicly accessible, could have allowed attackers to access and manipulate sensitive data. The exposure of the company’s web server version and operating system flavor also increases the risk of its systems being targeted by automated scanning tools and malware. The issue has since been resolved after the Cybernews research team brought it to the attention of Exail Technologies.

Air Canada Employee Information Accessed in Cyberattack

Air Canada, Canada’s largest airline, announced that the personal information of some employees was accessed in a recent cyberattack. The incident had no impact on flight operations systems and no customer information was compromised. Air Canada has contacted the affected parties, reported the incident to authorities, and implemented additional security measures to prevent future incidents.

Cryptomining Malware Detected on Popular Thesaurus with 5 Million+ Monthly Visitors

Group-IB analysts discovered a hidden cryptojacking operation on a popular Russian thesaurus website with over five million monthly visitors. Cybercriminals embedded a malicious script that transformed visitors’ computers into cryptocurrency miners. The malware, named XMRig Coinminer, was found in archives downloaded from the website’s decoy page, which poses a potential threat of introducing more damaging malware such as ransomware or wipers.

Iranian Nation-State Actor OilRig Targets Israeli Organizations

The Iranian nation-state actor known as OilRig has targeted Israeli organizations in two separate campaigns using backdoors called Solar and Mango. The campaigns involved spear-phishing emails to spread the malware and collect sensitive information from major browsers and the Windows Credential Manager. OilRig, also known as APT34, has been active since 2014 and is affiliated with Iran’s Ministry of Intelligence and Security (MOIS).

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and ISC have disclosed high-severity security flaws in their products that could lead to denial-of-service (DoS) and remote code execution. Atlassian has fixed four flaws, including a deserialization flaw in Jira Service Management, a DoS flaw in Confluence, an RCE flaw in Bitbucket, and a DoS flaw in Apache Tomcat server impacting Bamboo. ISC has also released fixes for two high-severity bugs in BIND that could cause a DoS condition. These vulnerabilities have been addressed in the latest versions of the affected software.

New APT Group Sandman Targets Telco Service Providers in Europe and Asia

A new APT group called Sandman has been discovered targeting telco service providers in Europe and Asia in a cyberespionage campaign. The group is using a sophisticated modular backdoor based on the Lua programming language, which is rare in the threat landscape. The Sandman APT group has been seen targeting telecommunications providers across the Middle East, Western Europe, and the South Asian subcontinent, and its activities may date back to as early as 2022.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.