IT Security Newsletter - 11/17/2020
Dozens of ransomware gangs partner with hackers to extort victims
Ransomware-as-a-service (RaaS) crews are actively looking for affiliates to split profits obtained in outsourced ransomware attacks targeting high-profile public and private organizations. RaaS services are viewed by some as a ransomware rental service where the threat actors who breach the targets' networks pay a fee to use the RaaS crew's malware. In reality, only the lowest quality ransomware is rented, or sold, in this manner. READ MORE...
Hacked Security Software Used in Novel South Korean Supply-Chain Attack
The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in order to deliver dropper malware that eventually plants a remote access trojan on victims' PCs. The attacks use stolen digital certificates from two security firms, which allow Lazarus operators to corrupt a browser plug-in designed to protect users from being hacked. READ MORE...
Exposed Database Reveals 100K+ Compromised Facebook Accounts
Researchers have uncovered a wide-ranging global scam targeting Facebook users, after finding an unsecured database used by fraudsters to store the usernames and passwords of at least 100,000 victims. Researchers said that the cybercriminals behind the scam were tricking Facebook victims into providing their account login credentials by using a tool that pretended to reveal who was visiting their profiles. READ MORE...
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not. In November 2019, Macy's confirmed the presence of credit card-skimming Magecart malware on its checkout and wallet pages just as Black Friday and the holiday shopping season approached. Macy's indicated that the malware allowed a third party to capture customers' data on the pages if they input their credit card information and clicked "place order." READ MORE...
New tool lets attackers easily create reply-chain phishing emails
A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. By slipping content in the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server. Called "Email Appender," the tool can enable more sophisticated phishing and business email compromise (BEC) attacks as well as help the less technical actors in the ransomware business. READ MORE...
How to speed up malware analysis
Today malware evolves very fast. Loaders, stealers, and different types of ransomware change so quickly that it has become a real challenge to keep up with them. Along with that, analyzing them becomes harder and more time-consuming. But cybersecurity specialists can't waste their time; waiting can cause serious damage. So, how to avoid all of that and speed up malware analysis? Let's find out. Malware analysis: The goal of malware analysis is to research a malicious sample: its functions, origin. READ MORE...
IRS announces move to protect businesses from identity theft
The U.S. Internal Revenue Service (IRS) has announced today that sensitive information will be masked on all business tax transcripts starting next month to protect companies from identity theft. Business identity theft happens when company owners or employees are impersonated by third parties in the process of committing fraud such as illegally obtaining cash, credit, and loans, leaving the business to deal with the resulting debts. READ MORE...
Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system. Those are part of a batch of twelve vulnerabilities flagged in July 2020 by Florian Hauser, a security researcher and red teamer at Code White. About the Cisco Security Manager vulnerabilities. READ MORE...
Twitter hires influential hacker Peiter 'Mudge' Zatko as security boss
Facing some of the most persistent security challenges of its 14-year existence, Twitter has turned to Peiter "Mudge" Zatko, a renowned computer security expert, and given him a broad mandate to bolster security at the social media platform. Zatko is the company's new "head of security," reporting directly to CEO Jack Dorsey, Reuters first reported Monday. The news comes after Twitter said in September it had hired Rinki Sethi as chief information security officer. READ MORE...
- ...in 1869, the Suez Canal opens in Egypt, linking the Mediterranean Sea and Red Sea.
- ...in 1942, American film director and producer Martin Scorsese ("Taxi Driver", "Goodfellas") is born in Queens, New York.
- ...in 1950, 15-year-old Tenzin Gyatso is enthroned as Tibet's 14th Dalai Lama.
- ...in 1978, the infamously terrible "Star Wars Holiday Special" airs only once on CBS and is disavowed by George Lucas, but is not forgotten thanks to videotape and YouTube.