IT Security Newsletter

IT Security Newsletter - 09/08/2020

Written by Cadre | Tue, Sep 8, 2020

Mystery surrounds alleged Paytm Mall hack, as security firm hit by legal threat

According to media reports, India's leading online shopping app has sent a legal notice to a US security firm demanding that they stop spreading "false" claims that it has been hacked. Indian financial newspaper Mint says that Paytm Mall has sent the legal notice to Atlanta-based Cyble Inc, which at the end of last month published a blog post (archived here) claiming that the Paytm Group had suffered a "massive data breach" after a hacking group known as "John Wick" had uploaded unauthorised code. READ MORE...

Netwalker ransomware hits Argentinian government, demands $4 million

Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossings into and out of the country. While ransomware attacks against cities and local agencies have become all too common, this may be the first known attack against a federal agency that has interrupted a country's operations. READ MORE...

DoppelPaymer ransomware hits Newcastle University, leaks data

UK research university Newcastle University says that it will take several weeks to get IT services back online after DoppelPaymer ransomware operators breached its network and took systems offline on the morning of August 30th. The attack is now being investigated by the UK Police and the National Crime Agency in cooperation with the Newcastle University IT Service (NUIT). "On Sunday 30 August 2020, we became aware that the University had suffered a serious cyber incident which is causing operational disruption across our networks and IT systems. READ MORE...

Evilnum Cyberspies Update Arsenal in Recent Attacks

The threat group tracked as Evilnum was observed using updated tactics and tools in recent attacks, Cybereason's Nocturnus research team reported last week. Initially detailed in 2018, Evilnum appears to have been active for nearly a decade, offering 'mercenary' hack-for-hire services, a recent report from Kaspersky revealed. Focused on espionage, Evilnum recently switched from delivering ZIP archives containing multiple LNK files (via spear-phishing) to including a single LNK in the archive. READ MORE...

Big tech companies want to help get you back in the office

They are offering services to track employees, arrange tests, and record results. Many things about Matt Bruinooge's senior year at Brown are different from his previous college life. One is that he logs on to a website from tech giant Alphabet twice a week to schedule nasal swabs. Brown is one of the first customers of a pandemic safety service from Alphabet subsidiary Verily Life Sciences called Healthy at Work, or Healthy at School at colleges. READ MORE...

Ransomware hits two state-run organizations in the Middle East and North Africa

A strain of ransomware designed to disrupt computers' booting processes hit government-run organizations in the Middle East and North Africa in July, researchers said Friday, in the latest example of data-wiping tools being aimed at key organizations in the region. The ransomware attacks used Thanos, a type of malware that surfaced earlier this year and has gained traction on underground forums, according to analysts at Palo Alto Networks. In an increasingly popular tactic among ransomware gangs. READ MORE...

How to protect yourself from the hidden threat of evasive scripts

Evasion techniques are used by cybercriminals to evade detection, and they are especially prevalent in the context of scripts, which on their own have legitimate uses (e.g., to automate processes on a computer system). Unfortunately, scripts can also be used for malicious purposes, and malicious scripts are unlikely to be detected or blocked by the average antimalware solution. That's why cybercriminals are turning to script-based attacks and other evasive malware - like Emotet - more often than ever before. READ MORE...

Securing Active Directory accounts against password-based attacks

Traditional password-based security might be headed for extinction, but that moment is still far off. In the meantime, most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable (e.g., sequential) keystroke patterns, password variations, well-known substitutions, single words from a dictionary and - above all - reusing the same password for many different private and enterprise accounts. What does a modern password policy look like? READ MORE...
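The anti-patterns listed above (personal information, sequential keystroke patterns, variations of an earlier password, well-known substitutions, single dictionary words, and reuse) are exactly the checks a password filter in front of Active Directory needs to perform. The following is an added example, not code from the article or from any vendor: a small policy checker that tests a candidate password against each of those rules. The word list, keyboard rows, substitution map and the sample user attributes are constructed for the demo; a real filter would plug in a full dictionary and a breached-password list.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data for the demo: a tiny word list, keyboard rows, and
# a map of the usual "leet" substitutions. A real deployment would use a
# full dictionary and a breached-password list instead.
DICTIONARY = {"password", "welcome", "summer", "winter", "dragon", "letmein", "company"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 "abcdefghijklmnopqrstuvwxyz"]
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(pw):
    """Lower-case and undo common substitutions so P@ssw0rd compares as password."""
    return pw.lower().translate(LEET)


def core_word(pw):
    """Strip leading/trailing digits and symbols: Summer2020! -> summer."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())


def has_keystroke_sequence(pw, length=4):
    """True if a run of `length` adjacent keys (either direction) appears in the password."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            frag = row[i:i + length]
            if frag in s or frag[::-1] in s:
                return True
    return False


def contains_personal_info(pw, attributes):
    """Attributes are strings such as username, first/last name, birth year."""
    haystacks = (pw.lower(), normalize(pw))
    return any(len(a) >= 3 and a.lower() in h for a in attributes for h in haystacks)


def is_variation_of(pw, previous, threshold=0.8):
    """Flag Dragon2019 when Dragon2018 was the previous password (similarity ratio)."""
    return any(SequenceMatcher(None, pw.lower(), p.lower()).ratio() >= threshold
               for p in previous)


def check_password(pw, attributes=(), previous=(), banned=frozenset()):
    """Return the list of policy violations; an empty list means the password passes."""
    findings = []
    if pw in banned:                       # reused or known-breached password
        findings.append("reuse")
    if contains_personal_info(pw, attributes):
        findings.append("personal")
    if has_keystroke_sequence(pw):
        findings.append("sequence")
    core = core_word(pw)
    if core in DICTIONARY:                 # a single dictionary word plus decoration
        findings.append("dictionary")
    elif normalize(core) in DICTIONARY:    # the same word hidden behind substitutions
        findings.append("substitution")
    if is_variation_of(pw, previous):
        findings.append("variation")
    return findings


if __name__ == "__main__":
    # Constructed user profile: username, name parts and birth year.
    attrs = ("jsmith", "john", "smith", "1984")
    for candidate in ("P@ssw0rd1", "JSmith1984", "qwerty123", "Dragon2019", "correct-horse-battery"):
        print(candidate, "->", check_password(candidate, attrs, previous=("Dragon2018",)) or "ok")
```

The substitution rule is checked after the dictionary rule on purpose: stripping the trailing digits first and only then undoing the leet map is what lets `P@ssw0rd1` resolve to `password`, whereas applying the map first would turn the trailing `1` into an `i` and miss it.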

Online voting vendor Voatz urges Supreme Court to limit security research

Unauthorized security research can "cause harmful effects," Voatz says in baffling brief. The Supreme Court is considering whether to adopt a broad reading of the Computer Fraud and Abuse Act that critics say could criminalize some types of independent security research and create legal uncertainty for many security researchers. Voatz, an online voting vendor whose software was used by West Virginia for overseas military voters in the 2018 election, argues that this wouldn't be a problem. READ MORE...

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks

Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device. The vulnerabilities were reported to the vendor in May by Rich Mirch, a security researcher at CRITICALSTART. However, some of them remain unpatched. The researcher discovered a total of 10 vulnerabilities affecting MOFI4500 routers, a majority related to the web management interface, which by default is accessible on all network interfaces. READ MORE...

Popular Android apps are rife with cryptographic vulnerabilities

Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities. They also used it to test 1780 popular Android apps from the Google Play Store, and the results were abysmal. Each of the tested apps with an instrumented crypto library was run in Crylogger, which logs the parameters that are passed to the crypto APIs during the execution and then checks their legitimacy offline by using a list of crypto rules. READ MORE...
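To make the "log the parameters, then check them offline against rules" approach concrete, here is an added example that is not Crylogger's code and does not reproduce its rule set: a constructed trace of Java crypto API calls (the class and method names are the real Java/Android ones, the argument values are made up) and a small offline checker applying a rule list modeled on widely cited crypto-misuse rules (broken hash functions, ECB mode, static IVs, too few PBE iterations, short RSA keys, a non-cryptographic PRNG). Rule identifiers and thresholds are this example's own.

```python
import json
from collections import Counter

# Constructed trace, one JSON object per logged call, imitating what a
# dynamic-analysis hook on the Java crypto APIs would record. Class/method
# names are real; keys, IVs and sizes are made-up sample values.
SAMPLE_TRACE = """
{"call": 1, "api": "MessageDigest.getInstance", "args": {"algorithm": "MD5"}}
{"call": 2, "api": "Cipher.getInstance", "args": {"transformation": "AES/ECB/PKCS5Padding"}}
{"call": 3, "api": "Cipher.getInstance", "args": {"transformation": "AES/GCM/NoPadding"}}
{"call": 4, "api": "Cipher.init", "args": {"opmode": "ENCRYPT_MODE", "key": "2b7e151628aed2a6abf7158809cf4f3c", "iv": "00000000000000000000000000000000"}}
{"call": 5, "api": "Cipher.init", "args": {"opmode": "ENCRYPT_MODE", "key": "2b7e151628aed2a6abf7158809cf4f3c", "iv": "0f1e2d3c4b5a69788796a5b4c3d2e1f0"}}
{"call": 6, "api": "Cipher.init", "args": {"opmode": "ENCRYPT_MODE", "key": "603deb1015ca71be2b73aef0857d7781", "iv": "0f1e2d3c4b5a69788796a5b4c3d2e1f0"}}
{"call": 7, "api": "PBEKeySpec.<init>", "args": {"salt": "73616c74", "iterations": 100, "keylength": 256}}
{"call": 8, "api": "KeyPairGenerator.initialize", "args": {"algorithm": "RSA", "keysize": 1024}}
{"call": 9, "api": "SecureRandom.nextBytes", "args": {"length": 16}}
{"call": 10, "api": "java.util.Random.nextBytes", "args": {"length": 16}}
"""

# Rule parameters (this example's own choices, not Crylogger's).
BROKEN_HASHES = {"MD2", "MD5", "SHA-1", "SHA1"}
MIN_PBE_ITERATIONS = 1000
MIN_RSA_BITS = 2048


def parse_trace(text):
    """One JSON record per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def audit(records):
    """Apply the rule list offline to the recorded calls; return (rule, call number) pairs."""
    findings = []
    # An IV is "static" if it is all zeros or is handed to Cipher.init more than once.
    iv_uses = Counter(r["args"]["iv"] for r in records
                      if r["api"] == "Cipher.init" and "iv" in r["args"])
    for r in records:
        api, a, n = r["api"], r["args"], r["call"]
        if api == "MessageDigest.getInstance" and a["algorithm"].upper() in BROKEN_HASHES:
            findings.append(("R1-broken-hash", n))
        elif api == "Cipher.getInstance" and "/ECB/" in a["transformation"].upper():
            findings.append(("R2-ecb-mode", n))
        elif api == "Cipher.init" and "iv" in a:
            iv = a["iv"]
            if set(iv) == {"0"} or iv_uses[iv] > 1:
                findings.append(("R3-static-iv", n))
        elif api == "PBEKeySpec.<init>" and a["iterations"] < MIN_PBE_ITERATIONS:
            findings.append(("R4-few-pbe-iterations", n))
        elif (api == "KeyPairGenerator.initialize" and a["algorithm"] == "RSA"
              and a["keysize"] < MIN_RSA_BITS):
            findings.append(("R5-short-rsa-key", n))
        elif api.startswith("java.util.Random."):
            findings.append(("R6-insecure-prng", n))
    return findings


def audit_trace(text):
    return audit(parse_trace(text))


def summarize(findings):
    """Count violations per rule, the per-app view a study like this would report."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, call in audit_trace(SAMPLE_TRACE):
        print(f"call {call}: {rule}")
    print(dict(summarize(audit_trace(SAMPLE_TRACE))))
```

The IV rule is the one that needs the whole trace rather than a single call: a per-call hook cannot tell that the IV from call 5 came back in call 6, which is why the check runs offline over the collected log instead of inline.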

How the government is keeping hackers from disrupting coronavirus vaccine research

Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19, and President Donald Trump addressed a nervous nation, people at the highest levels of the U.S. government became laser-focused on one idea: Coronavirus vaccine research needed to be defended from hacking attempts. Soon after the World Health Organization declared a pandemic, the Pentagon's Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission READ MORE...

  • ...in 1930, 3M begins marketing Scotch brand transparent tape.
  • ...in 1943, Gen. Dwight Eisenhower publicly announces the surrender of Italy to the Allies.
  • ...in 1966, the crew of the U.S.S. Enterprise takes off on its mission to "boldly go where no man has gone before," with the premiere of Star Trek.
  • ...in 1974, President Gerald Ford pardons his predecessor Richard Nixon for any crimes he may have committed.