IT Security Newsletter - 10/26/2021

Hacking

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. Jakub Vavra from the threat operations team of security firm Avast uncovered the campaign, which he dubbed UltimaSMS because one of the first apps he discovered being used to scam people was called Ultima Keyboard Pro, he said in a blog post published Monday. READ MORE...


Kansas Man Admits Hacking Public Water Facility

Roughly seven months after being indicted for his actions, a Kansas man admitted in court to tampering with the systems at the Post Rock Rural Water District. The man, Wyatt Travnichek, 23, of Lorraine, was an employee of the Ellsworth County drinking water treatment facility between January 2018 and January 2019. As part of his role with the facility, he would use a remote login system to monitor the plant after hours, according to documents presented in court. READ MORE...


Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked. READ MORE...

Malware

If you're using this hijacked NPM library anywhere in your software stack, read this

The US government's Cybersecurity and Infrastructure Security Agency (CISA) has warned developers that a version of the ua-parser-js JavaScript library, available via NPM, was infected with data-stealing and cryptocurrency-mining malware. The package, which is fetched nearly eight million times a week, is used by software to extract information about users' browsers, operating systems, and host hardware from their clients' user-agent strings. READ MORE...


Mozilla blocks malicious add-ons installed by 455K Firefox users

Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates. The add-ons (named Bypass and Bypass XM) were using the API to intercept and redirect web requests to block users from downloading updates, updating remotely configured content, and accessing updated blocklists. READ MORE...

Information Security

Viewing website HTML code is not illegal or "hacking," prof. tells Missouri gov.

The cybersecurity professor who helped uncover the Missouri government's failure to protect teachers' Social Security numbers has demanded that the state cease its investigation into him and stop making "baseless accusations" that he committed a crime. Missouri Gov. Mike Parson threatened to prosecute and seek civil damages from a St. Louis Post-Dispatch journalist who identified a security flaw that exposed the Social Security numbers of teachers and other school employees. READ MORE...

Exploits/Vulnerabilities

Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords

The same standard that allows wireless devices to remain connected and roam between access points also allows attackers to easily collect critical Wi-Fi keys that can later be hashed to find Wi-Fi network passwords, a researcher found in a wardriving experiment. Security researcher Ido Hoorvitch found he could recover the network passwords for more than 70% of the networks he scanned merely by using information collected as he pedaled his bike along the streets in Tel Aviv, Israel. READ MORE...


Hackers used billing software zero-day to deploy ransomware

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks. BQE Software, the company behind BillQuick, claims to have a 400,000 strong user base worldwide. The vulnerability, tracked as CVE-2021-42258, can be triggered extremely easily via login requests with invalid characters (a single quote) in the username field. READ MORE...

On This Date

  • ...in 1774, the First Continental Congress, which protested British measures and called for civil disobedience, concludes in Philadelphia.
  • ...in 1881, the Earp brothers and Doc Holliday have a shootout with the Clantons and McLaurys at the O.K. Corral in Tombstone, Arizona Territory.
  • ...in 1940, the P-51 Mustang makes its maiden flight.
  • ...in 1965, the Queen of England awards the Beatles the prestigious MBE at Buckingham Palace.