IT Security Newsletter - 11/18/2019
Zero-Day Exploits Earn Hackers Over $500K at Chinese Competition
White hat hackers have earned $545,000 for successfully demonstrating zero-day exploits targeting products from VMware, Microsoft, Google, Apple, D-Link, and Adobe at the 2019 Tianfu Cup hacking competition that took place over the weekend in Chengdu, the capital of China's Sichuan province. The highest single reward, $200,000, was received by the team named 360Vulcan for a VMware exploit that allows an attacker to escape from the guest virtual machine to the host.
New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. It is named NextCry after the extension it appends to encrypted files and because it targets clients of the Nextcloud file sync and share service. The malware targets Nextcloud instances, and for the time being there is no free decryption tool available for victims.
Trusted certificates make phishing websites appear valid
There has been rampant growth in look-alike domains, which are often used to steal sensitive data from online shoppers. Venafi analyzed suspicious domains targeting 20 major retailers in the U.S., U.K., France, Germany and Australia and found over 100,000 look-alike domains that use valid TLS certificates to appear safe and trusted. According to the research, growth in the number of look-alike domains has more than doubled since 2018, outpacing legitimate domains by nearly four times.
WhatsApp Vulnerability Allows Code Execution Via Malicious MP4 File
A security vulnerability in WhatsApp that was made public last week could be abused to execute arbitrary code remotely on affected devices. Tracked as CVE-2019-11931, the issue is a stack-based buffer overflow that can be triggered by sending a specially crafted MP4 file via WhatsApp, Facebook explains in an advisory. The buffer overflow occurs when the application parses the elementary stream metadata of an MP4 file.
Healthcare spikes data breach fever, endpoint threat detections grow 60%
The healthcare industry has been overwhelmingly targeted by Trojan malware during the last year, which increased by 82 percent in Q3 2019 over the previous quarter, according to Malwarebytes. The two most dangerous Trojans of 2018–2019 for all industries, Emotet and TrickBot, were the two primary culprits. Emotet detections surged at the beginning of 2019, followed by a wave of TrickBot detections in the second half of the year, becoming the number one threat to healthcare today.