<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 11/19/2019

Breaches_ITSEC-1

Macy’s online store compromised in Magecart-style attack

The webshop of noted U.S. department store company Macy’s has been compromised and equipped with an information-stealing JavaScript, which ended up collecting users’ personal and payment card information for a week. According to the notice sent by Macy’s to affected customers, the breach was discovered on October 15, 2019, after they were alerted to a suspicious connection between macys.com and another website. 


Another US state government hit with ransomware, following a brief reprieve

 Louisana's state government has responded to a suspected ransomware attack by shutting down many of its websites and email systems. Every agency in the state (population 4.6 million) has been affected by the shutdown following the attack which follows a spate of other ransomware onslaughts targeting small US towns and cities in recent months. Governor John Bel Edwards confirmed the attack via Twitter, saying the Office of Technology Services (OTS) identified a "cyber security threat" and immediately initiated its security protocols.

Hacking_ITSEC

Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments

It looks like scammers are impersonating one of Russia’s most notorious hacking groups in order to extort victims out of thousands of dollars worth of bitcoin. Multiple companies have reported to the security vendor Akamai that they were hit with a distributed denial-of-service attack, which degrades victims’ web services by overwhelming them with fake traffic. After a brief DDoS hit, victims say they receive an extortion note from a group claiming to be Cozy Bear, a state-sponsored Russian hacking group.

Malware_ITSEC

Shade Ransomware Is the Most Actively Distributed Malware via Email

During the first half of 2019, the Shade Ransomware (also known as Troldesh) was the most actively distributed malware via malicious email phishing campaigns according to Singapore-based Group-IB security outfit. Out of all malspam emails detected and examined by Group-IB’s Computer Emergency Response Team (CERT-GIB), Shade Ransomware was the main malware strain used by attackers to infect their targets' computers in H1 2019.


Linux, Windows Users Targeted With New ACBackdoor Malware

Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines. The malware dubbed ACBackdoor is developed by a threat group with experience in developing malicious tools for the Linux platform based on the higher complexity of the Linux variant as Intezer security researcher Ignacio Sanmillan found.

Trends_ITSEC

Office 365 Admins Targeted in Ongoing Phishing Scam

A phishing campaign that uses legitimate organizations’ Office 365 infrastructure to send emails has emerged onto the cyberscam scene. According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to send out phishing lures – thus ensuring the emails come from legitimate, validated domains.

Exploits_ITSEC

The way Bluetooth devices ‘talk’ to apps leaves them vulnerable

Mobile apps that work with Bluetooth devices have an inherent design flaw that makes them vulnerable to hacking, a research has found. The problem lies in the way Bluetooth Low Energy devices communicate with the mobile apps that control them, said Zhiqiang Lin, associate professor of computer science and engineering at The Ohio State University. “There is a fundamental flaw that leaves these devices vulnerable – first when they are initially paired to a mobile app, and then again when they are operating,” Lin said.

Software_ITSEC

Google & Samsung fix Android spying flaw. Other makers may still be vulnerable

Until recently, weaknesses in Android camera apps from Google and Samsung made it possible for rogue apps to record video and audio and take images and then upload them to an attacker-controlled server—without any permissions to do so. Camera apps from other manufacturers may still be susceptible. The weakness, which was discovered by researchers from security firm Checkmarx, represented a potential privacy risk to high-value targets, such as those preyed upon by nation-sponsored spies.