IT Security Newsletter - 4/10/2020

Written by Cadre | Fri, Apr 10, 2020

Compromised Zoom Credentials Swapped in Underground Forums

Researchers have uncovered a database shared on an underground forum containing more than 2,300 compromised Zoom credentials. The database contained usernames and passwords for Zoom accounts - including corporate accounts belonging to banks, consultancy companies, educational facilities, healthcare providers and software vendors. Some of the accounts included meeting IDs, names and host keys in addition to credentials.

RigUp Database Exposed 76,000 Files From U.S. Energy Sector

An exposed Amazon Web Services (AWS) S3 bucket belonging to RigUp was found to expose tens of thousands of private files belonging to organizations and individuals in the U.S. energy sector, vpnMentor reports. Founded in 2014, United States-based RigUp is a labor marketplace and services provider for the country's energy sector. The software company connects independent contractors with companies across the U.S.

Travelex Pays $2.3M in Bitcoin to Hackers Who Hijacked Network in January

Travelex has paid out $2.3 million in Bitcoin to hackers to regain access to its global network after a malware attack at the new year knocked the global currency exchange offline and crippled its business during the month of January. The move, reported by the Wall Street Journal, may seem counterintuitive, as experts in the past have typically recommended that companies refrain from paying threat actors ransom when such scenarios occur.

Copycat Site Serves Up Raccoon Stealer

Someone is targeting web denizens with a malicious, copycat Malwarebytes website, which serves up the Raccoon information stealer malware to unsuspecting visitors. According to the security firm itself, the attackers set up the domain "malwarebytes-free[.]com" with a domain registrar in Russia in late March. "We don't expect to hear from either the registrar or hosting provider," Malwarebytes researchers told Threatpost, noting that the website is still active.

Over 3.6M users installed iOS fleeceware from Apple's App Store

Developers of fleeceware apps are now using the Apple App Store as a distribution platform, having already successfully delivered their iOS apps onto over 3.5 million iPhone and iPad devices, according to a report from Sophos. Apps categorized as 'fleeceware', as Sophos researchers dubbed them last year, don't fall in the malware and potentially unwanted app (PUA) categories since they do not exhibit any malicious or potentially dangerous behavior.

Zoom security: Getting the settings right

Zoom is attracting a lot of attention in the media due to the mass uptake of videoconferencing services during the near-global lockdown due to COVID-19. They are adapting to sudden global overnight demand and success, something most companies can only dream of. Companies like Zoom offer free products and services to attract new users; making it free removes the barrier that payment imposes and hopefully locks the user in to a service long term.

Botnet Targets Critical Vulnerability in Grandstream Appliance

The Hoaxcalls botnet is actively targeting a recently patched SQL injection vulnerability in Grandstream UCM6200 series devices, security researchers warn. Tracked as CVE-2020-5722 and rated critical severity (with a CVSS3.1 score of 9.8), the vulnerability exists in the HTTP interface of the impacted IP PBX appliance. The security flaw, described as an unauthenticated remote SQL injection that can be exploited via a crafted HTTP request, allows an attacker to execute shell commands as root or inject HTML code in password recovery emails.

Hackers Can Compromise VMware vCenter Server Via Newly Patched Flaw

VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication. The flaw, tracked as CVE-2020-3952 with a CVSS score of 10, was disclosed by VMware on Thursday. The virtualization giant learned of its existence from a researcher who has not been named in the company's security advisory.

Schneier on Hacking Society

What if security experts could take a crack at fixing the huge and unwieldy US tax code, or ensuring that legislation gets written without inadvertent or deliberate loopholes? Renowned security technologist Bruce Schneier believes complex societal systems such as these could benefit from the mindset and skills of security experts - white hat hackers, penetration testers, application security experts - whose jobs entail finding, fixing, and preventing software vulnerabilities.

  • ...in 1912, the RMS Titanic leaves port in Southampton, England for her first and last voyage.
  • ...in 1925, F. Scott Fitzgerald's classic novel "The Great Gatsby" is first published in New York City.
  • ...in 1970, The Beatles officially break up after Paul McCartney announces that he is leaving for personal and professional reasons.
  • ...in 1992, actress Daisy Ridley (Star Wars: The Force Awakens) is born in London, England.