IT Security Newsletter

IT Security Newsletter - 08/07/2020

Written by Cadre | Fri, Aug 7, 2020

DDoS attacks in April, May and June 2020 double compared to Q2 2019

Findings from Link11's H1 2020 DDoS Report reveal a resurgence in DDoS attacks during the global COVID-19 related lockdowns. In April, May and June 2020, the number of attacks registered by Link11's Security Operations Center (LSOC) averaged 97% higher than during the same period in 2019, peaking at a 108% increase in May 2020. Key findings from the annual report include: Multivector attacks on the rise / Growing number of reflection amplification vectors. READ MORE...

Hackers abuse lookalike domains and favicons for credit card theft

Hackers are abusing a new technique: combining homoglyph domains with favicons to conduct credit card skimming attacks. Sophisticated skimming attacks like Magecart have incorporated favicons before and impacted well-known companies like Claire's, Tupperware, Smith & Wesson, Macy's, and British Airways. Being mere images, favicons give off the impression they are innocuous. But attackers find ways to abuse the associated metadata within these files for sinister purposes. READ MORE...

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned. In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal READ MORE...

Unpatched bug in Windows print spooler lets malware run as admin

Researchers found a way to bypass a patch Microsoft released to address a bug in the Windows printing services, which gives attackers a path to executing malicious code with elevated privileges. Tracked as CVE-2020-1048, the flaw received an initial fix in May and another one is coming with this month's rollout of security updates from Microsoft. Discovered and reported responsibly by Peleg Hadar and Tomer Bar of SafeBreach Labs, CVE-2020-1048 affects Windows Print Spooler. READ MORE...

Hackers can still steal wads of cash from ATMs. Here's the vulnerabilities that could let them in.

Thanks to a pair of zero-day vulnerabilities in a popular ATM, hackers could be pilfering off customers' sensitive banking information or withdrawing hefty wads of cash, according to research from New York-based Red Balloon Security. If exploited properly, one of the vulnerabilities the researchers found in Nautilus Hyosung America ATMs would allow attackers to essentially empty the machines of cash, the researchers, Brenda So and Trey Keown, told CyberScoop. READ MORE...

Researchers Create New Framework to Evaluate User Security Awareness

Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats. Researchers at Israel's Ben-Gurion University (BGU) have developed a framework for continuously evaluating the resilience of end users to phishing and similar social engineering attacks. Unlike other security awareness evaluation techniques that rely heavily on questionnaires and the self-reported behavior of users. READ MORE...

3 Tips For Better Security Across the Software Supply Chain

It may sound intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving the security posture of the software supply chain. We all know the adage that a chain is only as strong as its weakest link, but it's easy to forget that this also applies to the software supply chain. Those who work with government or other highly regulated industries, or have customers that do, have likely been asked before about their software supply chain practices. READ MORE...

NSA shares advice on how to limit location tracking

The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared. The United States' National Security Agency (NSA) has published guidance on how to reduce the variety of risks that stem from having your location tracked when using smartphones, IoT devices, social media and mobile apps. Despite being geared towards military and intelligence personnel, the advice can be useful for anybody who's looking to limit their location exposure. READ MORE...

Nearly 50% of all smartphones affected by Qualcomm Snapdragon bugs

Several security vulnerabilities found in Qualcomm's Snapdragon Digital Signal Processor (DSP) chip could allow attackers to take control of almost 40% of all smartphones, spy on their users, and create un-removable malware capable of evading detection. DSPs are system-on-chip units used for audio signal and digital image processing, and telecommunications, in consumer electronics including TVs and mobile devices. READ MORE...

Getting to the Root: How Researchers Identify Zero-Days in the Wild

Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it. When a zero-day vulnerability is exploited in the wild, it's essential to identify the bug at the root of the attack. This "root cause analysis" informs researchers how an attack unfolded. "We care a lot about making it harder for people to exploit users using zero-days," said Google Project Zero researcher Maddie Stone in a Black Hat presentation on the topic. READ MORE...

Researchers flag two zero-days in Windows Print Spooler

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. A month later, the two researchers found a way to bypass the patch and re-exploit the vulnerability on the latest Windows version. Microsoft assigned this vulnerability a new identification number - CVE-2020-1337 - and will patch it on August 2020 Patch Tuesday. They've also discovered a DoS flaw affecting the same service, which won't be patched. READ MORE...

  • ...in 1944, IBM dedicates the first program-controlled calculator.
  • ...in 1959, from the Atlantic Missile Range in Cape Canaveral, Florida, the U.S. unmanned spacecraft Explorer 6 is launched into an orbit around the Earth.
  • ...in 1975, actress Charlize Theron ("Monster", "Mad Max: Fury Road") is born in Benoni, South Africa.
  • ...in 1990, President George H.W. Bush orders the organization of Operation Desert Shield in response to Iraq's invasion of Kuwait on August 2.