IT Security Newsletter

IT Security Newsletter - 7/30/2021

Written by Cadre | Fri, Jul 30, 2021

Chipotle's marketing account hacked to send phishing emails

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links. Most of the messages directed users to credential-harvesting sites impersonating services from a financial business and Microsoft. A very small number had malware attachments. The campaign sent out in three days at least 120 malicious emails from a hacked Mailgun account used by Chipotle for email marketing purposes. READ MORE...

Most Twitter users haven't enabled 2FA yet, report reveals

According to the data shared by Twitter in its recently released transparency report, the popular social network's users are reluctant to adopt two-factor authentication (2FA) to bolster their account security. In fact, the report paints a pretty bleak picture considering that over the second half of 2020 only 2.3% of active Twitter accounts had at least one 2FA method enabled. READ MORE...

Remote Code Execution Flaws Patched in WordPress Download Manager Plugin

A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns. Tracked as CVE-2021-34639 and having a CVSS score of 7.5, the bug is an authenticated file upload issue that could have allowed attackers to upload files with php4 extensions, as well as files that could be executed if certain conditions were met. READ MORE...

PyPI packages caught stealing credit card numbers, Discord tokens

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. These malicious packages were published under three different PyPI accounts and are estimated to have scored over 30,000 downloads put together, according to the researchers' report. READ MORE...

New bank-fraud malware called Vultur infects thousands of devices

Recently detected Android malware, some spread through the Google Play Store, uses a novel way to supercharge the harvesting of login credentials from more than 100 banking and cryptocurrency applications. The malware, which researchers from Amsterdam-based security firm ThreatFabric are calling Vultur, is among the first Android threats to record a device screen whenever one of the targeted apps is opened. READ MORE...

Krebs on Security: The Life Cycle of a Breached Database

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here's a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. READ MORE...

Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers

As a member of the secretive Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a briefing by security staff this year, he said he got some advice on how to help keep his cellphone secure. Step One: Turn off phone. Step Two: Turn it back on. That's it. At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is - turning a device off then back on again - can thwart hackers from stealing information from smartphones. READ MORE...

  • ...in 1932, Walt Disney releases his first cartoon in color -- "Flowers and Trees".
  • ...in 1947, actor and former politician Arnold Schwarzenegger is born in Thal, Austria.
  • ...in 1961, actor Laurence Fishburne ("The Matrix", "Apocalypse Now") is born in Augusta, GA.
  • ...in 1965, President Lyndon B. Johnson signs the Social Security Act of 1965, establishing Medicare and Medicaid.