<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter -09/09/2020

Hacking

Start of School in Hartford Delayed by Ransomware Attack

One the worst cyberattacks yet against Connecticut's capital city forced officials to postpone the first day of school Tuesday, disrupting the day for thousands of families as city computer experts rushed to restore systems vital for school operations. Hartford Mayor Luke Bronin said the hacker or hackers indicated it was a ransomware attack, but only left an email address to contact and made no specific ransom demand. The problem was discovered Saturday and numerous systems were affected. READ MORE...


Netwalker ransomware hits Pakistan's largest private power utility

K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services. K-Electric is Pakistan's largest power supplier, serving 2.5 million customers and employing over 10 thousand people. Starting yesterday, K-Electric customers have been unable to access the online services for their account. To resolve this issue, K-Electric appears to be trying to reroute users through a staging site. READ MORE...

Malware

Spyware Labeled 'TikTok Pro' Exploits Fears of US Ban

Malware can take over common device functions as well as creates a phishing page to steal Facebook credentials. Researchers have discovered a new Android spyware campaign pushing a "Pro" version of the TikTok app that is exploiting fears among its young and gullible users that the popular social media app is on the cusp of being banned in the United States. The malware can take over basic device functions-such as capturing photos, reading and sending SMS messages, making calls and launching apps. READ MORE...

Information Security

Hackers use legit tool to take over Docker, Kubernetes platforms

They used an opensource tool specifically created to monitor and control cloud environments with Docker and Kubernetes installations, thus reducing their footprint on the breached server. Analyzing the attack, researchers at Intezer discovered that TeamTNT installed Weave Scope open-source tool to gain full control of the victim's cloud infrastructure. According to them, this may be the first time a legitimate third-party tool is abused to play the part of a backdoor in a cloud environment. READ MORE...


What happens to funds once they have been stolen in a cyberattack?

SWIFT and BAE Systems published a report that describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber attack. The report highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds. For instance, cybercriminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate sounding job advertisements. READ MORE...

Exploits/Vulnerabilities

Researcher Details Google Maps Vulnerability That Earned Him $10,000

A researcher has disclosed the details of a cross-site scripting (XSS) vulnerability in Google Maps that earned him $10,000. Israel-based security researcher Zohar Shachar discovered the vulnerability in April 2019 and it was patched a few weeks later, but he only now disclosed his findings. The flaw affected the Google Maps feature that allows users to create their own map. These maps can be exported in various formats, including Keyhole Markup Language (KML). READ MORE...


Android's September 2020 Patches Fix Critical System Vulnerabilities

Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches. More than 50 flaws are described in the Android Security Bulletin for September 2020: twenty-two as part of the 2020-09-01 security patch level and twenty-nine with the 2020-09-05 security patch level. Of the 22 issues fixed with the 2020-09-01 security patch level, 10 impact Framework (four elevation of privilege and six information disclosure). READ MORE...


VPNs: The Cyber Elephant in the Room

While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise. The quest for security has shaped our species for thousands of years. Since the earliest traces of civilization, we find evidence of fortifications that were erected in order to protect one tribe from another. The desire for security persists in today's Information Age, though many of the measures we take to ensure security are often little more than window dressing. READ MORE...

Science & Culture

Chinese cyber power is neck-and-neck with US, Harvard research finds

As conventional wisdom goes, experts tend to rank the U.S ahead of China, U.K., Iran, North Korea, Russia, in terms of how strong it is when it comes to cyberspace. But a new study from Harvard University's Belfer Center shows that China has closed the gap on the U.S. in three key categories: surveillance, cyber defense, and its efforts to build up its commercial cyber sector. "A lot of people, Americans in particular, will think that the U.S., the U.K., France, Israel are more advanced than China when it comes to cyber power". READ MORE...

On This Date

  • ...in 1776, the Continental Congress formally declares the name of the new nation to be the "United States" of America.
  • ...in 1850, California becomes the 31st state.
  • ...in 1956, Elvis Presley makes his first appearance on The Ed Sullivan Show.