At a glance.
- Nemesis Kitten found in US Government network.
- Unpatched Magento instances hit with "TrojanOrders."
- Emotet has returned after three quiet months.
- Alleged "Zeus" cybercrime boss arrested in Switzerland.
- DDoS attacks on game servers by RapperBot.
- PCI Security Standards Council issues new mobile payment standard.
- A negative assessment of Russian cyber performance.

Nemesis Kitten found in US Government network.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory yesterday on Iranian government-sponsored APT actors compromising a federal network. The threat actor, Iran's Nemesis Kitten, exploited the well-known Log4Shell vulnerability to infiltrate a VMware Horizon server in February and move across the network. Bleeping Computer reports that the attackers deployed a cryptocurrency miner, as well as reverse proxies on compromised servers to remain within the network. The Washington Post identified the affected agency as the US Merit Systems Protection Board. CISA warns all organizations that didn't promptly apply Log4Shell remediations to check their systems for indicators of compromise. For more on the Iranian operation, see CyberWire Pro.