
IT Security Newsletter - 11/25/2019


Breaches

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

A ransomware outbreak has besieged a Wisconsin-based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.


1.2B Records Exposed in Massive Server Leak

Security researchers have discovered an unsecured server containing 4 terabytes of personal data — 1.2 billion records in total — exposed and easily accessible online, Wired reported today. The open server held profiles of hundreds of millions of people. Leaked data includes home and cellphone numbers; social media profiles for Facebook, Twitter, LinkedIn, and GitHub; work histories seemingly pulled from LinkedIn; nearly 50 million unique phone numbers; and 622 million unique email addresses.

Hacking

APT33 has shifted targeting to industrial control systems software, Microsoft says

In the last two months, an aggressive hacking group linked with the Iranian government has made a troubling shift in its targeting, security researchers at Microsoft say. Instead of simply probing IT networks, the hackers have gone after a series of industrial control system (ICS) products used in the energy sector. Given that the group, known as APT33, has been linked with data-wiping hacks in the past, the new activity has analysts’ full attention.


A new era of cyber warfare: Russia’s Sandworm shows “we are all Ukraine” on the internet

Speakers at this year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently.

Trends

Scammers try a new way to steal online shoppers’ payment-card data

Thieves have devised a new way to steal payment-card data from online shoppers—or at least it's new to the researcher who found it. Rather than infecting a merchant's checkout page with malware that skims the information, the thieves trick users into thinking they've been redirected to an authorized third-party payment processor. So-called payment-service platforms are common in the world of ecommerce, particularly for sites that don't have the resources to harden their servers against sophisticated attacks.

Exploits

Critical Flaws in VNC Threaten Industrial Environments

The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible servers in systems that use the code.

Malware

Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways

Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks. According to a Cofense report posted Thursday, the malware is delivered inside an .IMG file hosted on a hacker-controlled Dropbox account.


TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys

The TrickBot banking trojan keeps evolving, according to researchers who this week spotted an updated password grabber module that could be used to steal OpenSSH private keys and OpenVPN passwords and configuration files. TrickBot (also known as Trickster, TrickLoader, and TheTrick) is modular malware that has been continuously upgraded with new capabilities and modules since October 2016, when it was initially spotted in the wild.

Software

Windows 10 Upgrades Blocked if Using Old Versions of AVG, Avast

If you are using older versions of Avast or AVG Antivirus, Microsoft has placed a compatibility hold that will prevent you from upgrading to Windows 10 1903 or Windows 10 1909 until you upgrade to a newer version of the antivirus software. In a support notice to the Windows 10 Health Dashboard for Windows 10 1903 and 1909, Microsoft has stated that users who have AVG or Avast Antivirus versions 19.5.4444.567 or lower installed will be prevented from installing the May 2019 Update and the November 2019 Update.