
IT Security Newsletter - 11/6/2019

Breaches

Facebook: Third-Party App Developers Improperly Accessed User Information

Facebook says that 100 third-party application developers continued to access user information via the Groups API even after access to the data was restricted. The API was designed as an interface between Facebook and software that can be integrated with user groups on the social platform, and it provides app developers with access to a specific set of information on the group and its members.

Hacking

Tipped off by an NSA breach, researchers discover new APT hacking group

With a tip that came from one of the biggest breaches in US National Security Agency history, researchers have discovered a new hacking group that infected targets with a previously unknown piece of advanced malware. Hints of the APT—short for advanced persistent threat—group first emerged in April 2017. That's when a still-unidentified group calling itself the Shadow Brokers published exploits and code developed by, and later stolen from, the NSA.


Google Analytics Emerges as a Phishing Tool

Cybercriminals are leveraging key technical markers used in web analytics—particularly Google Analytics—to create more sophisticated and targeted phishing attacks, new research has found. However, this also makes them more susceptible to detection by organizations defending their sites against attacks, researchers said. With 56.1 percent of websites now using analytics to generate reports on user behavior and page views, and to track user activity throughout sites, cybercriminals have caught on and are leveraging these and other uses of analytics for their own dirty work, the report found.

Malware

New MegaCortex Ransomware Changes Windows Passwords, Threatens to Publish Data

A new version of the MegaCortex ransomware has been discovered that not only encrypts your files, but now also changes the logged-in user's password and threatens to publish the victim's files if they do not pay the ransom. For those not familiar with MegaCortex, it is a targeted ransomware installed through network access provided by trojans such as Emotet. Once the MegaCortex actors gain access, they then push the ransomware out to machines on the network via an Active Directory controller or post-exploitation kits.


Android keyboard app caught red‑handed trying to make sneaky purchases

The Android version of the popular virtual keyboard app ai.type has attempted to make over 14 million unauthorized transactions that could have cost the users US$18 million in unwanted charges, reads a report from mobile technology firm Upstream. The attempted purchases came from 110,000 unique devices across 13 countries. Traffic was mainly high in North Africa and South America, with the illicit activity going through the roof in July of this year and continuing for the following two months. This was actually after the app was pulled from the Google Play store in June.

Info Security

Defenders can discover phishing sites through web analytics IDs

An increasing number of phishing websites use web analytics services and have unique tracking IDs in their code, security researchers have found. Whether intentional or accidental, the use of such IDs can help defenders discover phishing pages that are used across large attack campaigns. Researchers from content delivery network Akamai analyzed a set of 54,261 active phishing pages served from 28,906 unique domains and found that 874 domains had web analytics IDs associated with them.

Software

Google Patches Critical Flaws in Android's System Component

Google this week released its November 2019 set of security patches for Android to address nearly 40 vulnerabilities affecting the platform, including critical flaws in the System component. The first part of the November 2019 Android Security Bulletin, namely the 2019-11-01 security patch level, resolves a total of 17 flaws in Framework, Library, Media framework, and System.