IT Security Newsletter - 1/31/2020
NEC Defense Contracts Info Potentially Compromised in Breach
Japanese electronics giant NEC was the target of a cyberattack that resulted in unauthorized access to its internal network on Thursday, according to information leaked to Japanese newspapers by sources close to the matter. The electronics and information technology giant is a major contractor for Japan's defense industry, engaged in various defense equipment projects with the Japan Self-Defense Forces (JGSDF or Jieitai), including but not limited to 3D radar and broadband multipurpose radio systems, and may have leaked relevant information.
Trello exposed! Search turns up huge trove of private data
Hands up who’s used the increasingly popular online collaboration platform Trello? Trello is great for organising to-do lists and for coordinating team tasks. But it has its downsides too. While the default for Trello boards is set to ‘private’, many users set them to ‘public’ which means that anyone can see what’s posted there. Not only that, search engines such as Google index public Trello boards, making it simple for anyone to uncover the boards’ contents using a specialised type of search called a ‘dork’.
Winnti Group targeting universities in Hong Kong
In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules. The Winnti malware was also found at these universities a few weeks prior to ShadowPad.
Microsoft Detects New Evil Corp Malware Attacks After Short Break
Microsoft says that an ongoing Evil Corp phishing campaign is using attachments featuring HTML redirectors for delivering malicious Excel documents, this being the first time the threat actors have been seen adopting this technique. The new campaign is detailed in a series of tweets from the Microsoft Security Intelligence account, with the researchers saying that the final payload is being dropped using an Excel document that bundles a malicious macro.
DOD contractor Electronic Warfare Associates hit with Ryuk ransomware
Electronic Warfare Associates (EWA), a government contractor that works with the Department of Defense, Department of Justice, and Department of Homeland Security, has been hit with a ransomware attack, CyberScoop has learned. EWA’s CEO and president, Carl Guerreri, confirmed the infection in a Thursday interview with CyberScoop, but wouldn’t reveal further details.
TrickBot Uses a New Windows 10 UAC Bypass to Launch Quietly
The TrickBot Trojan has switched to a new Windows 10 UAC bypass to execute itself with elevated privileges without showing a User Account Control prompt. Windows uses a security mechanism called User Account Control (UAC) that will display a prompt every time a program is run with administrative privileges. When these prompts are shown, they ask the logged-in user whether they wish to allow the program to make changes, and if the program is suspicious or unrecognized, they allow the user to prevent the program from running.
Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program
Microsoft is offering rewards of up to $20,000 for finding vulnerabilities in its Xbox gaming platform through its latest bug bounty program unveiled this week. The Xbox Bounty Program is open to gamers, security researchers and basically anyone who can help the tech giant identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team, Chloé Brown, a Microsoft Security Response Center program manager, said in a blog post Thursday.
Don’t get sacked! Scams to look out for this Super Bowl
One of the most-anticipated sporting events of the year is almost here. Like any popular event, the Super Bowl can be a fertile breeding ground for various malicious actors looking to scam you out of your hard-earned money or your personal data. A wide variety of scams targets both spectators who are watching from the comfort of their living rooms and those cheering for their teams in the stadium. Here are some ways you can tackle security offenses that may be targeted against you.
Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service (DoS) attacks against affected gear. Impacted are Series Smart Switches, Series Managed Switches and Series Stackable Managed Switches.