
IT Security Newsletter - 10/18/2019


Hacking

Cozy Bear kept moving after 2016 election, ESET says

One of the Kremlin-linked hacking groups that breached the Democratic National Committee in 2016 has remained active in the years that followed, even if it’s been less visible. Cozy Bear, also known as APT29 and the Dukes, began using different malicious software and new hacking techniques after 2016, according to findings published Thursday by the Slovakian security firm ESET. There wasn’t much public evidence of the group’s activity, but researchers say it did not go quiet after interfering in the U.S. presidential election.

Malware

Fake WordPress Plugin Comes with Cryptocurrency Mining Function

Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency. Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes. Normally, these fake plugins are used to give attackers access to the server even after the infection vector is removed.


A malicious Tor browser is helping scammers steal bitcoin, researchers say

Thieves are using malware that masquerades as Tor, the anonymizing internet browser, to steal money from Russian-speaking people on the dark web, researchers said Friday. The operation uncovered by researchers at Slovakian cybersecurity company ESET has netted the unidentified attackers some $40,000 in bitcoin so far, but the amount could be larger. “They likely stole more in Qiwi,” said Robert Lipovsky, a senior malware researcher at ESET, referring to a Russian payment service.

Breaches

Indiana Hospital System Notifying Patients After Data Breach

A northwestern Indiana hospital system is warning more than 68,000 patients that their personal information, including Social Security numbers and health records, may have been exposed during a data breach. Methodist Hospitals has been mailing letters to patients detailing the steps they can take to safeguard themselves against possible fraud, The (Northwest Indiana) Times reported Wednesday.


Zappos Offers Users 10% Discount in 2012 Breach Settlement

Online retailer Zappos will give customers a 10 percent discount at its online store as settlement for a 2012 data breach that affected 24 million customers, while lawyers in the case will win $1.6 million in fees. The news shows customers once again getting the short end of the stick when it comes to financial restitution for data breaches, in which lawyers and government regulators tend to get the biggest payoff.

Exploits

Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws

Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points (APs) used by mid-size enterprises in their offices or small warehouses. It also issued a slew of additional patches addressing other flaws in its products. The most severe of the AP bugs is a critical glitch that could allow unauthenticated, remote attackers to gain unauthorized access to targeted devices.


Unpatched Linux bug may open devices to serious attacks over Wi-Fi

A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said. The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device.


Millions of Amazon Echo and Kindle Devices Affected by WiFi Bug

Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation devices are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man-in-the-middle attack against a WPA2 protected network. KRACK, or Key Reinstallation Attack, is a vulnerability in the 4-way handshake of the WPA2 protocol that was disclosed in October 2017 by security researchers Mathy Vanhoef and Frank Piessens.


Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS

A pair of bugs in the Kubernetes open-source cloud container software can be “highly dangerous” under some Kubernetes configurations, according to researchers. The flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5 and 1.16.2. Exploitation of the first issue, CVE-2019-16276, is “very simple,” according to Ariel Zelivansky and Aviv Sasson at Palo Alto Networks – and could allow an attacker to bypass authentication controls to access a container.
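An added example, not code from the article or from the Kubernetes project: a small Python check that takes node names and kubelet version strings and flags any node still below the patched builds the article names (1.14.8, 1.15.5, 1.16.2). The rule that minor lines newer than 1.16 carry the fix and lines older than 1.14 do not, and the sample node list, are assumptions made for the example.

```python
import re

# Patched builds named in the article for CVE-2019-16276 and CVE-2019-11253,
# keyed by (major, minor) line -> first fixed patch number.
PATCHED_BUILDS = {(1, 14): 8, (1, 15): 5, (1, 16): 2}

# Accepts 'v1.15.3', '1.16.2' and distribution-tagged forms like 'v1.15.3-gke.18'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch); anything after the patch number is ignored."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Kubernetes version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version):
    """True when the version is at or above the fixed build for its minor line.

    Assumption (not stated in the article): minor lines newer than 1.16 were cut
    after the fix and include it; lines older than 1.14 received no fixed build.
    """
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in PATCHED_BUILDS:
        return patch >= PATCHED_BUILDS[line]
    return line > max(PATCHED_BUILDS)


def unpatched_nodes(nodes):
    """nodes: iterable of (node_name, kubelet_version); returns exposed node names."""
    return [name for name, ver in nodes if not is_patched(ver)]


# Constructed sample, shaped like the name/version columns of `kubectl get nodes`.
SAMPLE_NODES = [
    ("cp-1", "v1.16.2"),
    ("worker-a", "v1.15.3-gke.18"),
    ("worker-b", "v1.14.8"),
    ("legacy", "v1.13.12"),
]

if __name__ == "__main__":
    for name in unpatched_nodes(SAMPLE_NODES):
        print(f"{name}: kubelet below the patched build, schedule an upgrade")
```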