IT Security Newsletter - 11/03/2020
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation
Aleksandr Brovko, formerly of the Czech Republic, will serve eight years in prison for his role in operating a scheme to steal and traffic sensitive personal and financial information in an operation that resulted in a loss to victims of some $100 million. Brovko, a Russian national, was sentenced on October 30 after pleading guilty in February to conspiracy to commit bank and wire fraud. READ MORE...
BEC attacks increase in most industries, invoice and payment fraud rise by 155%
BEC attacks increased 15% quarter-over-quarter, driven by an explosion in invoice and payment fraud, Abnormal Security research reveals. "As the industry's only measure of BEC attack volume by industry, our quarterly BEC research is important for CISOs to prepare and stay ahead of attackers," said Evan Reiser, CEO of Abnormal Security. "Not only are BEC campaigns continuing to increase overall, they are rising in 75% of industries that we track." READ MORE...
Google Patches Actively Exploited Chrome Vulnerabilities
Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Chrome 86.0.4240.183 for Windows, macOS, and Linux was pushed to the stable channel with patches for a total of seven vulnerabilities, all of which feature a severity rating of high. Google said it awarded $36,000 in bug bounty rewards to the researchers who discovered the newly addressed vulnerabilities. READ MORE...
Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication (meaning it may be exploited over a network without the need for a username and password). While specific details of the flaw were not disclosed, Oracle's alert said it exists in the Console of the Oracle WebLogic Server and can be exploited via the HTTP network protocol. READ MORE...
WordPress Pushes Out Multiple Flawed Security Updates
The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455 million websites a WordPress update (5.5.2) that caused new WordPress installs to fail. READ MORE...
Hospital ransomware: Gangs are back to target healthcare
Healthcare is not in a good place right now. With some countries and states deciding to go back in to lockdown due to the continued rise of reported COVID-19 infections-and several garnering record-high numbers compared to when almost every country initially went into lockdown-it seems horrible timing that hospital ransomware is back in the news. But cybercriminals behaving like criminals isn't something that we should be shocked about. READ MORE...
Researcher Warns 100,000 Devices Still Vulnerable to SMBGhost Attacks
Over 100,000 computers remain affected by the Windows vulnerability known as SMBGhost, more than half a year after a patch was rolled out, new research reveals. Tracked as CVE-2020-0796 and featuring a CVSS score of 10, the critical vulnerability was addressed in March 2020 via an out-of-band update. Weeks later, information on how it can be abused to escalate privileges and cause a denial of service condition was made public. READ MORE...
GitHub breaks site layout after forgetting to renew certificate
This morning, GitHub's pristine layout vanished off of the repository, in what looks like a miss on the company's part in renewing an SSL certificate. Soon, reports emerged all over the internet from users who had to endure a broken GitHub experience. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub. READ MORE...
- ...in 1908, Cincinnati-born William Howard Taft is elected as the 27th President of the United States of America.
- ...in 1931, the first commercially produced synthetic rubber is manufactured.
- ...in 1952, Clarence Birdseye first markets frozen peas.
- ...in 1957, The Soviet Union launches Sputnik 2. On board is the first animal to enter orbit: A dog named Laika.