
IT Security Newsletter - 10/17/2019


Breaches

Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say

Investigators probing the Capital One data breach say they have between 20 and 30 terabytes of data in their possession as they prepare for trial against the alleged hacker, Paige Thompson, according to court documents obtained by CyberScoop. The government is now parsing millions of individual files, prosecutors said, as well as a spreadsheet agents say they recently found on Thompson's computer, which contains aggregated information apparently stolen from Capital One.

Hacking

Russian Hackers Silently Hit Government Targets for Years

Russia-linked threat actor APT29 has been successfully avoiding detection for the past three years while compromising multiple government targets, ESET’s security researchers report. Also known as the Dukes, CozyDuke, and Cozy Bear, the state-sponsored group has been active for over a decade and is believed to have been involved in the 2016 attacks against the Democratic National Committee (DNC), the formal governing body for the U.S. Democratic Party.


Silent Librarian Retools Phishing Emails to Hook Student Credentials

Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that lend more credibility to its phishing emails and help it avoid detection. The group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has been on the prowl for credentials since the start of the 2019 school year in September, sending low-volume, highly targeted, socially engineered emails that eventually trick students into handing over their login credentials.

Malware

.WAVs Hide Malware in Their Depths in Innovative Campaign

Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the file's audio data. The embedded code consists of one of three different loader components for decoding and executing malware, according to BlackBerry Cylance threat researchers. Users are likely none the wiser: when played, the WAV files either produce music with no discernible quality issues or glitches or, in some cases, simply generate static white noise.
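To show why a payload woven through audio data can be inaudible, here is an added example (not code from the newsletter or from BlackBerry Cylance's research) that hides a length-prefixed blob in the least-significant bit of each 16-bit PCM sample, recovers it, and runs a simple hunting check for an embedded PE header. LSB encoding is assumed here as one plausible scheme; the article does not say which encoding the real loaders used. The carrier WAV and the "loader" payload are constructed in memory for the demonstration.

```python
# Added example, not code from the newsletter or from BlackBerry Cylance's research.
# It assumes one plausible encoding, LSB steganography in 16-bit PCM samples; the
# article does not say which encoding the real loaders used. All WAV data and the
# payload below are constructed for the demonstration.
import io
import random
import struct
import wave


def make_carrier_wav(num_samples=4000, seed=7):
    """Construct a mono, 16-bit, 8 kHz WAV of low-level noise entirely in memory."""
    rng = random.Random(seed)
    samples = [rng.randint(-2000, 2000) for _ in range(num_samples)]
    return _write_wav(samples, (1, 2, 8000, num_samples, "NONE", "not compressed"))


def _read_samples(wav_bytes):
    with wave.open(io.BytesIO(wav_bytes), "rb") as r:
        params = r.getparams()
        raw = r.readframes(r.getnframes())
    if params.sampwidth != 2:
        raise ValueError("example handles 16-bit PCM only")
    return list(struct.unpack("<%dh" % (len(raw) // 2), raw)), params


def _write_wav(samples, params):
    out = io.BytesIO()
    with wave.open(out, "wb") as w:
        w.setparams(params)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return out.getvalue()


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(wav_bytes, payload):
    """Hide a length-prefixed payload in the LSB of each sample, one bit per sample."""
    samples, params = _read_samples(wav_bytes)
    message = struct.pack(">I", len(payload)) + payload
    if len(message) * 8 > len(samples):
        raise ValueError("carrier too short for payload")
    for i, bit in enumerate(_bits(message)):
        samples[i] = (samples[i] & ~1) | bit   # touch only the lowest bit
    return _write_wav(samples, params)


def extract(wav_bytes):
    """Recover a payload written by embed(); raises if the LSB stream is not plausible."""
    samples, _ = _read_samples(wav_bytes)
    lsbs = [s & 1 for s in samples]

    def read_int(offset, nbits):
        value = 0
        for b in lsbs[offset:offset + nbits]:
            value = (value << 1) | b
        return value

    length = read_int(0, 32)
    if 32 + 8 * length > len(lsbs):
        raise ValueError("length prefix does not fit the carrier; probably no payload")
    return bytes(read_int(32 + 8 * i, 8) for i in range(length))


def max_sample_delta(wav_a, wav_b):
    """Largest per-sample difference between two WAVs; 1 means only LSBs changed."""
    a, _ = _read_samples(wav_a)
    b, _ = _read_samples(wav_b)
    return max(abs(x - y) for x, y in zip(a, b))


def carries_pe_in_lsbs(wav_bytes):
    """Hunting check: does the LSB stream decode to something starting with an MZ header?"""
    try:
        return extract(wav_bytes)[:2] == b"MZ"
    except ValueError:
        return False


if __name__ == "__main__":
    carrier = make_carrier_wav()
    fake_loader = b"MZ" + b"\x90" * 60 + b"constructed-stage-2-stub"   # not a real binary
    stego = embed(carrier, fake_loader)
    print("max sample delta:", max_sample_delta(carrier, stego))
    print("payload recovered:", extract(stego) == fake_loader)
    print("clean flagged:", carries_pe_in_lsbs(carrier), "/ stego flagged:", carries_pe_in_lsbs(stego))
```

A per-sample change of at most one quantisation step on 16-bit audio is far below what a listener notices, which is the point of the technique. The hunting check above only finds this particular encoding; against an unknown loader, a defender would pair it with statistical tests on the sample LSBs and with detection of the decoding component itself rather than the carrier file.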

Software

Oracle's October 2019 Critical Patch Update Includes 219 Fixes

Oracle this week announced the release of its last Critical Patch Update of 2019, which includes a total of 219 new security fixes across various product families. More than 140 of the vulnerabilities addressed this month can be exploited remotely without authentication. Nineteen of the patches address vulnerabilities rated Critical severity, with a CVSS score above 9.0.


WordPress 5.2.4 Patches Six Vulnerabilities

WordPress 5.2.4, which WordPress developers released this week, patches six vulnerabilities, including cross-site scripting (XSS), unauthorized access, server-side request forgery (SSRF), and cache poisoning issues. The latest update, which WordPress developers have described as a short-cycle security release, addresses vulnerabilities impacting WordPress 5.2.3 and earlier. Updates are also available for WordPress 5.1 and prior for users who have yet to upgrade to the 5.2 branch.