IT Security Newsletter - 08/28/2020
Confessions of an ID Theft Kingpin, Part I
At the height of his cybercriminal career, the hacker known as "Hieupc" was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world's top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good. READ MORE...
Confessions of an ID Theft Kingpin, Part II
Yesterday's piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good. Here's a look at what happened after he got busted. READ MORE...
Russian tourist offered employee $1 million to cripple Tesla with malware
"This was a serious attack," Elon Musk says. Tesla's Nevada Gigafactory was the target of a concerted plot to cripple the company's network with malware, CEO Elon Musk confirmed on Thursday afternoon. The plan's outline was divulged on Tuesday in a criminal complaint that accused a Russian man of offering $1 million to the employee of a Nevada company, identified only as "Company A," in exchange for the employee infecting the company's network. READ MORE...
Old Malware Tool Acquires New Tricks
Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients. Qbot, a malware tool that has been tormenting users worldwide since at least 2008, is back at it again, with new features including one for stealing email threads from Outlook clients and using them to try and infect other user systems. Researchers from Check Point observed the new version of Qbot being delivered via malicious spam emails in early August and targeting nearly 100,000 systems per day. READ MORE...
Lemon_Duck cryptominer malware now targets Linux devices
The Lemon_Duck cryptomining malware has been updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances. Lemon_Duck (spotted last year by Trend Micro and further examined by SentinelOne) is known for targeting enterprise networks, gaining access over the MS SQL service via brute-forcing or the SMB protocol using EternalBlue according to Guardicore's Ophir Harpaz. READ MORE...
Researchers Hijack 28,000 Printers to Show How Easily They Can Be Hacked
Researchers have once again demonstrated that many printers can be hacked remotely, by hijacking 28,000 devices and instructing them to print out a printer security guide. The research was conducted by security experts at CyberNews, who claim to have identified more than 800,000 printers that were accessible over the internet and had network printing features enabled. They then selected a sample of 50,000 exposed printers and sent them a script that instructed the devices to print the security guide. READ MORE...
Vulnerabilities Expose Popular DVB-T2 Set-Top Boxes to Botnets: Researchers
Avast security researchers have identified vulnerabilities in DVB-T2 devices that could allow attackers to ensnare them in botnets. An extension of the DVB consortium standard for the broadcast transmission of digital terrestrial television, DVB-T2 (Digital Video Broadcasting - Second Generation Terrestrial) can transmit compressed digital audio, video, and other data. There is a push for the adoption of DVB-T2, following the European Union's decision to auction the 700 MHz band to telecommunications operators. READ MORE...
Southern Water customers could view others' personal data by tweaking URL parameters
A quick lesson in how not to deploy Sharepoint as a 'my account' file retrieval system. Southern Water - British supplier of the liquid of life - botched its internal Sharepoint implementation so badly that a customer was able to view other people's account details. Reg reader Chris H discovered that the way Southern Water had set up Sharepoint to host customer information as a "your account" style section of their website exposed URLs that could be tweaked to view other people's account information. READ MORE...
Vulnerability Volume Poised to Overwhelm Infosec Teams
The collision of Microsoft and Oracle patches on the same day has contributed to risk and stress for organizations. Vulnerability disclosures for 2020 are on track to meet or surpass the number disclosed in 2019, researchers report, and the timing of these bug disclosures could prove risky and stressful for security teams. Risk Based Security's VulnDB team aggregated 11,121 vulnerabilities during the first half of this year, researchers state in its "2020 Mid Year Vulnerability QuickView Report." READ MORE...
LG's battery-powered face mask will "make breathing effortless"
The face mask lasts for up to eight hours on a charge. Big Tech is here to save us from COVID-19! With every responsible, compassionate person running around with a mask on nowadays, it seems inevitable that the phrase "wearable technology" will soon regularly include overly complicated high-tech face masks. One of the first major tech companies out of the gate with a questionably useful product is LG. The "LG PuriCare Wearable Air Purifier" is a battery-powered face mask that the company says will "supply fresh, clean air indoors and out." READ MORE...
- ...in 1867, The United States takes possession of the uninhabited Midway Island.
- ...in 1907, UPS is founded by Seattle teenagers James E. Casey and Claude Ryan as a bicycle messenger service.
- ...in 1917, comics artist and writer Jack Kirby, the co-creator of Captain America, the X-Men, and hundreds of other characters, is born in New York City.
- ...in 1963, Dr. Martin Luther King, Jr. gives his famous "I Have A Dream" speech at the Lincoln Memorial.