
IT Security Newsletter


IT Security Newsletter - 10/30/2019


Ransomware Attack Causes School 'District-Wide Shutdown'

A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection. Exchanging information with schools is impaired, as email and other forms of computer-based communication are no longer possible at this moment. The district activated the crisis response team and is working to restore critical services. It is unclear at this point how long the systems will be down.

City of Johannesburg, on Second Hit, Refuses to Pay Ransom

The city of Johannesburg, South Africa, is refusing to pay a ransom of four Bitcoins to a hacker group who accessed the city’s network and stole sensitive data, threatening to release it if the ransom wasn’t paid. It’s the second time in several months that the city has been hit with a cyberattack demanding ransom. In July, a ransomware attack on Johannesburg’s City Power, which is owned by the city itself, left some residents without electricity for days.

Majority of 2019 breaches were the result of unapplied security patches

Despite a 24% average increase in annual spending on prevention, detection and remediation in 2019 compared with 2018, patching is delayed an average of 12 days due to data silos and poor organizational coordination, a ServiceNow study finds. Looking specifically at the most critical vulnerabilities, the average timeline to patch is 16 days.


Nuclear Power Plant in India Hit by North Korean Malware: Report

India’s largest nuclear power plant was reportedly hit recently by a piece of malware linked by experts to North Korean hackers, but officials said control systems were not compromised. Reports of a breach at the Kudankulam Nuclear Power Plant located in the Indian state of Tamil Nadu emerged on Monday after a Twitter user posted a VirusTotal link pointing to what appeared to be a sample of a recently discovered piece of malware named Dtrack.


xHelper Trojan Variant Reinstalls Itself After Removal, Infects 45K

A new xHelper Trojan dropper variant capable of reinstalling itself after being removed or following factory resets has infected more than 45,000 Android devices over the last six months. xHelper's creators mainly deliver it onto devices of targets from the U.S., India, and Russia in the form of a malicious app component with stealth capabilities that allow it to hide from the system's launcher. Trojan droppers are malware strains used to deliver other, more dangerous malware, such as banking Trojans, clicker Trojans, and ransomware, to already infected systems.


WhatsApp suit says Israeli spyware maker exploited its app to target 1,400 users

Facebook and its WhatsApp messenger division on Tuesday sued Israel-based spyware maker NSO Group. This is an unprecedented legal action that takes aim at the unregulated industry that sells sophisticated malware services to governments around the world. NSO vigorously denied the allegations. Over an 11-day span in late April and early May, the suit alleges, NSO targeted about 1,400 mobile phones that belonged to attorneys, journalists, human-rights activists, political dissidents, diplomats, and senior foreign government officials. 

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical

Almost all of the hardware vulnerabilities – 90 percent – that were submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware assets often lack built-in security features. Hardware assets often require manual updates, which can’t be done at scale, making it more difficult and time-consuming to patch systems.


50 years ago today, the Internet was born. Sort of

On October 29, 1969, at 10:30pm Pacific Time, the first two letters were transmitted over ARPANET. And then it crashed. About an hour later, after some debugging, the first actual remote connection between two computers was established over what would someday evolve into the modern Internet. Funded by the Advanced Research Projects Agency (the predecessor of DARPA), ARPANET was built to explore technologies related to building a military command-and-control network that could survive a nuclear attack.


The nastiest ransomware, phishing and botnets of 2019

Webroot released its annual Nastiest Malware list, shedding light on 2019’s worst cybersecurity threats. From ransomware strains and cryptomining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it’s clear that cyber threats across the board are becoming more advanced and difficult to detect.