<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 08/20/2020

SHARE

Breaches

Warehouse management software biz SnapFulfil hit by ransomware: It's not just the big dogs getting KO'd

A UK cloud-based warehouse management software provider was struck by ransomware earlier this week. Emails from SnapFulfil, a trading name of Synergy Logistics, sent to its customers late last week and shown to The Register, revealed how a ransomware attack targeted the company's services, disrupting warehouse operations for at least one of its customers. "We have been targeted by a ransomware attacker. We believe the data is safe. All the work done over the last few days has included additional security. READ MORE...


Gun exchange site confirms data breach after database posted online

A hacker has released the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. On August 10th, a threat actor posted databases that they claim contain 195,000 user records for the utahgunexchange.com, 45,000 records for their video site, 15,000 records from the hunting site muleyfreak.com, and 24,000 user records from the Kratom site deepjunglekratom.com. All of these sites are based out of Utah, USA and samples of the databases shared by cybersecurity intelligence. READ MORE...

Hacking

Thanks for the memories... now pay up or else: Maze ransomware crew claims to have hacked SK hynix, leaks '5% of stolen files'

The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole. The South Korean semiconductor giant could not be reached for comment. For what it's worth, the Maze crew doesn't tend to need to fib about these sort of things. When it claims to have infiltrated a victim - and it has pwned a great deal of organizations lately - it usually publicly shares data stolen from the compromised network as proof. And such is the case with SK hynix. READ MORE...


Bletchley Park visitors warned of data breach after Blackbaud ransomware attack

Some years ago I visited the fabulous site of Bletchley Park, home of the UK's then-secret code-breaking efforts during World War II, where Alan Turing and other brilliant minds cracked encrypted messages sent by the Nazis. So when I received a letter from Bletchley Park in the post today, I imagined it would invite me to return, containing information about how they're handling visits during the pandemic. Unfortunately, the news wasn't so good. READ MORE...

Trends

What enterprises should consider when it comes to IoT security

Many enterprises have realized that the IoT presents tremendous business opportunities. The IoT can help businesses stay agile in changing situations and maintain a high level of visibility into operations, while positively impacting their bottom line. According to a BI Intelligence report, those who adopt IoT can experience increased productivity, reduced operating costs and expansion into new markets. Yet despite this proven success, security concerns have historically been a barrier to IoT adoption for enterprises. READ MORE...

Malware

FritzFrog Botnet Attacks Millions of SSH Servers

The unique, advanced worming P2P botnet drops backdoors and cryptominers, and is spreading globally. A peer-to-peer (P2) botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January. SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connections from remote computers. SSH servers are common in enterprise and consumer environments alike. READ MORE...


Lucifer cryptomining DDoS malware now targets Linux systems

A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems. While the botnet's authors named it Satan DDoS, security researchers are calling it Lucifer to differentiate it from Satan ransomware. Besides adding Linux targeting support, Lucifer's creators have also expanded the Windows version's capabilities to steal credentials and escalate privileges using the Mimikatz post-exploitation tool. READ MORE...

Information Security

Most ICS vulnerabilities disclosed this year can be exploited remotely

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to Claroty. The report comprises The Claroty Research Team's assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during 1H 2020, affecting 53 vendors. READ MORE...

Exploits/Vulnerabilities

Warn your staff about phone spear phishing attacks, as reports rise

Andy Greenberg at Wired has published an interesting article, describing how there have been a spate of "phone spear phishing" attacks since celebrity accounts on Twitters were very publicly compromised last month. You will remember that Twitter confirmed that members of staff were rung up by scammers, who then socially engineered their victims into handing over credentials which gave the hackers access to Twitter's internal tools. Those tools, which should have only been available to authorised personnel. READ MORE...


Sloppy string sanitization sabotages system security of millions of Java-powered 3G IoT kit: Patch me if you can

A vulnerability in Thales' Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday by IBM's X-Force Red. The bug (CVE-2020-15858), disclosed to Thales and addressed in a patch made available to IoT vendors in February, makes it possible for an attacker to, for instance, extract the code and other resources from a vulnerable device. This information could be reverse-engineered to find vulnerabilities to exploit. READ MORE...

On This Date

  • ...in 1833, future President Benjamin Harrison is born in North Bend, OH.
  • ...in 1882, Tchaikovsky's "1812 Overture" is first performed in Moscow.
  • ...in 1911, a dispatcher in the New York Times office sends the first telegram around the world via a commercial service.
  • ...in 1975, Viking 1, the first spacecraft to land successfully on Mars, is launched.