IT Security Newsletter - 03/31/2021
US govt warns that buying fake COVID-19 vaccine cards is a crime
US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law. The FBI, the Department of Health and Human Services, and the Office of Inspector General (HHS-OIG) issued the warning today in the form of a public service announcement published on the Internet Crime Complaint Center. Additionally, using fake vaccination record cards could also put others at risk, increasing the chance of contracting COVID-19 or infecting others. READ MORE...
Leading Indian fintech platform MobiKwik denies data breach
Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. This privately held fintech platform provides financial services and a phone-based payment gateway to more than 120 million users. Mobikwik says that approximately 3 million merchants and over 300 billers are currently using its services. Personal and financial info of millions up for sale. READ MORE...
Scammers target universities in ongoing IRS phishing attacks
The Internal Revenue Service (IRS) is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions. The attacks use tax refund payment baits and mainly focus on universities' staff and students with .edu email addresses. "The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions," the US revenue service warned. Tax refunds used as lures: READ MORE...
The latest malware hiding in video game cheat codes
Gamers have long used cheat codes to enhance their performance in video games. But buyer beware - hackers have recently been lacing malware in video game cheat codes that could allow attackers to hack victims' microphones or web cameras, according to research Cisco Talos researchers published Wednesday. The campaign, which appears to have targeted video game players and PC modders, features malware hidden in seemingly legitimate files that users can download to run game patches. READ MORE...
Microsoft: Firmware Attacks Outpacing Security Investments
Microsoft is confirming a surge in malicious attacks targeting firmware and the software giant wants to play a role in reducing the attack surface below the operating system. According to a new Security Signals report released Tuesday by Microsoft, a whopping 80 percent of businesses reported "at least one firmware attack" in the past two years but only 30 percent allocated any budget spend on firmware protection. READ MORE...
Akamai Sees Largest DDoS Extortion Attack Known to Date
Distributed denial of service (DDoS) attacks are growing bigger in volume, and they have also become more targeted and increasingly persistent, according to web security services provider Akamai. The recently observed assaults haven't reached the magnitude of the largest DDoS attacks the company has mitigated to date, which have peaked at 1.35 Tbps in 2018 and at 1.44 Tbps in 2020, but three of them are among the six biggest volumetric DDoS attacks Akamai has ever encountered. READ MORE...
Fake jQuery files infect WordPress sites with malware
Security researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware. These files are named jquery-migrate.js & jquery-migrate.min.js and present at the exact locations where JavaScript files are normally present on WordPress sites but are in fact malicious. over 7.2 million websites use the jQuery Migrate plugin, which explains why attackers would disguise their malware under this popular plugin's name. READ MORE...
How alleged Iranian hackers are posing as an Israeli scientist to spy on US medical professionals
Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts - carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields - are the handiwork of the Charming Kitten hacking group, Proofpoint said. READ MORE...
Biden Extends Executive Order on Cyberattack Sanctions
President Biden extends cyber-sanctions executive orderPresident Joe Biden on Monday sent a letter to the House of Representatives and the Senate to extend an executive order regarding sanctions issued in response to cyberattacks. Executive Order 13694, issued in 2015 by president Barack Obama, enables authorities to block the property of entities engaging in "significant malicious cyber-enabled activities." READ MORE...
Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape
Researchers from Chinese cybersecurity company Qihoo 360 have earned another $20,000 from Google for a sandbox escape vulnerability affecting the Chrome web browser. Google informed Chrome users on Tuesday that an update for version 89 includes eight security fixes, including for six vulnerabilities reported by external researchers. The highest reward, $20,000, was awarded to researchers Leecraso and Guang Gong of the 360 Alpha Lab at Qihoo 360. The issue was described by Google. READ MORE...
- ...in 1889, the Eiffel Tower is dedicated in Paris in a ceremony presided over by Gustave Eiffel, whose company built and designed it.
- ...in 1918, daylight saving time goes into effect in the United States for the first time.
- ...in 1943, stage and screen actor Christopher Walken ("The Deer Hunter", "Batman Returns") is born in Queens, NY.
- ...in 1998, Netscape releases their Mozilla source code under an open-source license, paving the way for the Firefox web browser and its various spinoffs.