
IT Security Newsletter - 1/30/2020


Top News

UN hacked: Attackers got in via SharePoint vulnerability

In summer 2019, hackers broke into over 40 (and possibly more) UN servers in offices in Geneva and Vienna and downloaded “sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the UN,” The New Humanitarian reported on Wednesday.

Breaches

Krebs on Security: Sprint Exposed Customer Support Site to Web

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines.


Dozens of companies have data dumped online by ransomware ring

The Maze ransomware ring has taken extortion to new heights by publicly posting breached data on the Internet—and threatening full dumps of stolen data if the ring's "customers" don't pay for their files to be unencrypted. But the group appears to be making one exception: the City of Pensacola, which was hit by Maze ransomware in December.

Hacking

Government spyware company spied on hundreds of innocent people

In March 2019, researchers with a group called Security Without Borders – a non-profit that often investigates threats against dissidents and human rights defenders – identified more than 20 government spyware apps squatting in plain sight, pretending to be harmless, vanilla apps on Google’s Play store. Those apps – which were just a decoy through which government spyware called Exodus was installed on targets’ phones – were anything but harmless.

Malware

Emotet Uses Coronavirus Scare to Infect Japanese Targets

A malspam campaign is actively distributing Emotet payloads via emails that warn the targets of coronavirus infection reports in various prefectures of Japan, including Gifu, Osaka, and Tottori. To scare the potential victims into opening malicious attachments, the spam emails — camouflaged as official notifications from a disability welfare service provider and public health centers — promise to provide more details on preventative measures against coronavirus infections within the attachments.

Exploits

200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the import menu. According to the active installations count on its WordPress library entry, the open-source Code Snippets plugin is currently used by more than 200,000 websites.
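The blurb above attributes the takeover to a missing referer check on the plugin's import menu. In WordPress the standard defense for an admin form is a nonce: the form is rendered with wp_nonce_field() and the handler refuses to act unless check_admin_referer() accepts the nonce and the user holds the required capability. The following is an added, constructed illustration of that pattern, not the Code Snippets plugin's own code; the function names, the nonce action string and import_snippets_from_file() are hypothetical.

```php
<?php
// Constructed example (not the Code Snippets plugin's code). Shows an admin
// import handler without a nonce check beside the hardened version.

// Vulnerable pattern: acts on the uploaded file as soon as the admin page is
// requested with a file field. Any site an administrator visits can submit
// this form on their behalf, because nothing ties the request to the form
// WordPress itself rendered (cross-site request forgery).
function example_vulnerable_handle_import() {
    if ( ! empty( $_FILES['snippets_file'] ) ) {
        import_snippets_from_file( $_FILES['snippets_file']['tmp_name'] ); // hypothetical helper
    }
}

// Hardened pattern, step 1: render the form with a nonce bound to the
// current user and session. 'example_import_snippets' is a hypothetical
// action name; 'example_import_nonce' is the request field that carries it.
function example_hardened_render_form() {
    ?>
    <form method="post" enctype="multipart/form-data">
        <?php wp_nonce_field( 'example_import_snippets', 'example_import_nonce' ); ?>
        <input type="file" name="snippets_file">
        <?php submit_button( 'Import' ); ?>
    </form>
    <?php
}

// Hardened pattern, step 2: verify capability and nonce before doing anything.
function example_hardened_handle_import() {
    if ( empty( $_FILES['snippets_file'] ) ) {
        return;
    }

    // Authorization: only users allowed to manage the site may import.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // Anti-CSRF: check_admin_referer() validates the nonce for this action
    // and stops the request (wp_die) if it is missing or invalid, so a forged
    // cross-site submission never reaches the import code.
    check_admin_referer( 'example_import_snippets', 'example_import_nonce' );

    import_snippets_from_file( $_FILES['snippets_file']['tmp_name'] ); // hypothetical helper
}
```

The nonce check is per user and time-limited, which is why it is the WordPress equivalent of the referer check the article describes; the capability check is kept separate so that the two failure modes (wrong user, forged request) are handled independently.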


Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges

Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access (DMA) capability. DMA is a processing-efficiency approach for peripherals (such as PCI cards or network interface cards) that, as the name suggests, offers direct high-speed access to a system’s memory.

Software

Apple Security Updates Tackle iOS Device Tracking, RCE Flaws

Apple’s latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution (RCE). Of particular interest to privacy-minded iPhone 11 users is an iOS 13.3.1 update that allows users to turn off U1 Ultra-Wideband device tracking. The fixes address vulnerabilities in Apple’s Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS.