<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 1/10/2020

Breaches_ITSEC-1

4 Ring Employees Fired For Spying on Customers

Smart doorbell company Ring said that it has fired four employees over the past four years for inappropriately accessing customer video footage. The disclosure comes in a recent letter to senators (in response to a November inquiry into the company’s data policies) from Amazon-owned Ring as it attempts to defend the privacy of its platform, which has been plagued by data privacy incidents over the past year. In the letter, Ring said the former employees were authorized to view video data, but their attempted access to the data “exceeded what was necessary for their job functions.”

Hacking_ITSEC

Latest 'Intrusion Truth' data dump peels back layers on Chinese front companies

The anonymous group known in the cybersecurity world for publishing detailed blog posts about suspected nation-state hackers released new information Thursday alleging that Chinese technology companies are recruiting attackers working on Beijing’s behalf. By identifying job postings seeking offensive cybersecurity skills, the group wrote, they found a number of companies in Hainan, a province in South China, all using the same language in their advertisements. 


Oil-and-Gas APT Pivots to U.S. Power Plants

A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part of a broader trend in which cybercriminals focused on critical infrastructure are branching out from a single-vertical operation to multiple industrial sectors. While that reality doesn’t necessarily threaten a physically disruptive attack, it also certainly doesn’t rule it out, the firm said.

Malware_ITSEC

Google Removed Over 1.7K Joker Malware Infected Apps from Play Store

Roughly 1,700 applications infected with the Joker Android malware (also known as Bread) have been detected and removed by Google's Play Protect from the Play Store since the company started tracking it in early 2017. At least one series of such malicious apps did manage to get into the Play Store as discovered by CSIS Security Group security researchers who found 24 apps with over 472,000 downloads in total during September 2019.


Chinese Malware Found Preinstalled on US Government-Funded Phones

Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report. These low-cost smartphones are sold by Assurance Wireless, a federal Lifeline Assistance program under Virgin Mobile. Lifeline, supported by the federal Universal Service Fund, is a government program launched in 1985 to provide discounted phone service to low-income households.

Exploits_ITSEC

Google researcher beefs up iMessage security by demonstrating clickless exploit

Software exploits that don’t require a victim to click a link to be compromised are an intriguing and growing area of research for white-hat hackers. So it is no surprise that Google’s elite team of hackers, Project Zero, has dug into this stealthy mode of attack in recent months. On Thursday, Samuel Gross laid out how, armed with only a target’s Apple ID, he could remotely compromise an iPhone within minutes to steal passwords, text messages and emails, and activate the camera and microphone.

Software_ITSEC

PayPal Patches Vulnerability That Exposed User Passwords

A researcher has earned over $15,000 from PayPal for reporting a critical vulnerability that could have been exploited by hackers to obtain user email addresses and passwords. Identified while analyzing PayPal’s main authentication flow, the issue was related to PayPal placing cross-site request forgery (CSRF) tokens and the user session ID in a JavaScript file, thus making them retrievable by attackers via cross-site script inclusion (XSSI) attacks.