IT Security Newsletter

IT Security Newsletter - 1/20/2020

Written by Cadre | Mon, Jan 20, 2020

A Georgia election server was vulnerable to Shellshock and may have been hacked

Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock, a critical flaw that gives attackers full control over vulnerable systems, a computer security expert said in a court filing on Thursday. Shellshock came to light in September 2014 and was immediately identified as one of the most severe vulnerabilities to be disclosed in years.

'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out. Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to gain access to the server, kill any existing malware, set up their own backdoor, and then apply a mitigation that blocks the vulnerable code from further exploit attempts.

New Nest Video Extortion Scam Plays Out Like a Spy Game

A new extortion scam that breaks the typical mold has been detected at the beginning of the year. Fraudsters preying on the insecurity of connected devices used footage from Nest cameras, and led victims through a convoluted path of email accounts and web sites before making their ransom price known.

ADP Users Hit with Phishing Scam Ahead of Tax Season

Cybercriminals eager to jump-start tax season have launched a phishing campaign targeting some ADP users, telling them their W-2 forms are ready and prompting them to click a malicious link. Links embedded in the fraudulent email redirect users to a phishing website designed to look like an ADP login page. These domains were registered the same day as the attack, note AppRiver researchers who discovered the campaign.

New Jersey Synagogue Suffers Sodinokibi Ransomware Attack

Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. In an email seen by BleepingComputer, Temple Har Shalom informed their congregation that they discovered the ransomware attack on January 9th after staff had trouble connecting to the Internet.

Americans still vulnerable to hack-and-leak tactics, DOJ official says

As the 2020 election campaigning kicks into high gear, a senior Department of Justice official says he worries that Americans are still vulnerable to foreign hack-and-leak operations that are intended to disrupt democratic processes. “One of the things that I am concerned about is the hacking-and-dumping activity that occurred in 2016,” John Demers, the assistant attorney general for national security, said Friday.

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has published a warning to Internet Explorer users about an unpatched zero-day vulnerability in the browser that is being exploited in targeted attacks. The security hole, which is tracked as CVE-2020-0674 and is believed to be related to a critical security vulnerability in Firefox that Mozilla warned about earlier this month, could be exploited to allow an attacker to execute malicious code on a user’s computer.

Hackers Earn $275,000 for Vulnerabilities in U.S. Army Systems

A total of 146 valid vulnerabilities were reported as part of the second Hack the Army bug bounty program, and more than $275,000 was paid out in rewards. The challenge ran between October 9 and November 15, 2019, and was the result of a partnership between the Defense Digital Service, the U.S. Department of Defense (DoD), and the hacker-powered pentesting platform HackerOne.

Citrix Releases First Patches for Critical ADC Vulnerability

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. Disclosed in December 2019 and tracked as CVE-2019-19781, the vulnerability could be exploited to achieve code execution. The issue impacts versions 13.0, 12.1, 12.0, 11.1, and 10.5 of both Citrix ADC and Gateway (previously known as NetScaler ADC and NetScaler Gateway).