<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 12/04/2020

SHARE

Hacking

BlackShadow hackers extort Israeli insurance company for $1 million

Threat actors are extorting an Israeli insurance company by demanding almost $1 million in bitcoin to stop leaking the company's stolen data. On Monday, a cybercrime group calling themselves 'BlackShadow' tweeted that they hacked into the Israeli Shirbit insurance company and stole files during the attack. "A huge cyberattack has been taken place by Black Shadow team. There has been a massive attack on the network infrastructure of Shirbit Company, which is in israel economic sphere." READ MORE...


Metro Vancouver TransLink hit by Egregor ransomware attack, travellers disrupted

Passengers on Vancouver's transit system were unable to use their credit and debit cards for ticket payments after the service was badly hit by a ransomware attack. TransLink, the public transport operator in Vancouver, Canada, first indicated its IT systems were suffering problems on 1 December, when it said it was "investigating an issue." That "issue" turned out to be the Egregor ransomware, which hijacked TransLink's printers and spewed out a ransom note. READ MORE...


Kmart nationwide retailer suffers a ransomware attack

US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. Sears Holding Corp originally owned both Kmart and Sears, but after the company filed for bankruptcy in 2018, it was purchased by Transform Holdco LLC (Transformco) in 2019. While Kmart has been a household name in the USA, its number has dwindled over the past two years to only 34 stores remaining. Kmart Windows domain hit with ransomware. READ MORE...

Malware

Credit card stealing malware hides in social media sharing icons

Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores. The malware's creators use malicious payloads concealed as social media buttons that mimic high profile platforms such as Facebook, Twitter, and Instagram. Credit card skimmers are JavaScript-based scripts injected by Magecart cybercrime groups in the checkout pages of compromised e-commerce sites. READ MORE...

Information Security

Verizon has been leaking customers' personal information for days (at least)

Verizon is struggling to fix a glitch that has been leaking customers' addresses, phone numbers, account numbers, and other personal information through a chat system that helps prospective subscribers figure out if Fios services are available in their location. The personal details appear when people click on a link to chat with a Verizon representative. When the chat window opens, it contains transcripts of conversations that other customers, either prospective or current, have had. READ MORE...

Exploits/Vulnerabilities

Many Android Apps Expose Users to Attacks Due to Failure to Patch Google Library

A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released. The Google Play Core Library allows Android developers to deliver updates to their applications at runtime, via the Google API, without requiring interaction from the user. The library can be used to download additional language resources, manage the manner in which feature modules and asset packs are delivered, trigger in-app updates, and more. READ MORE...


iPhone hack allowed device takeover over Wi-Fi

Earlier this year, Apple patched a severe security loophole in an iOS feature that could have allowed attackers to remotely gain complete control over any iPhone within Wi-Fi range. However, details about the flaw, which was fixed months ago, were sparse until now. In a blog post of no fewer than 30,000 words, Google Project Zero researcher Ian Beer described how, over a six-month period, he created a radio-proximity exploit that would grant him total control over an iPhone in his vicinity. READ MORE...

On This Date

  • ...in 1956, the Million Dollar Quartet (Elvis Presley, Jerry Lee Lewis, Carl Perkins, and Johnny Cash) have their first (and last) recording session at Sun Studio.
  • ...in 1966, comedic actor and musician Fred Armisen ("Saturday Night Live", "Portlandia") is born in Hattiesburg, MS.
  • ...in 1980, Led Zeppelin formally announces its breakup.
  • ...in 1991, US airline Pan American World Airways ends its operations after 64 years.