IT Security Newsletter - 12/11/2020
Fake data breach alerts used to steal Ledger cryptocurrency wallets
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase, and Ledger also supports the 12-, 18-, or 24-word recovery phrases used by other wallets. Anyone who knows this recovery phrase can use it to access the funds that it secures.
Operation StealthyTrident: corporate software under attack
ESET researchers discovered that chat software called Able Desktop, part of a business management suite popular in Mongolia and used by 430 government agencies in Mongolia (according to Able), was used to deliver the HyperBro backdoor (commonly used by LuckyMouse), the Korplug RAT (also known as PlugX), and a RAT called Tmanger (which was first documented by NTT Security and was used during Operation Lagtime IT campaigns attributed to TA428 by Proofpoint).
Ransomware Gang Hits Exposed MySQL Databases
Exploiting weak credentials on MySQL servers connected to the Internet, an ongoing ransomware campaign has compromised more than 250,000 databases to date, according to a warning from security vendor Guardicore. Guardicore said the campaign, dubbed PLEASE_READ_ME, started as early as January 2020, with more than 83,000 victims successfully breached to date. With more than five million MySQL servers exposed to the Internet, the attacks are expected to continue against those with weak authentication credentials.
U.S. warns of increased cyberattacks against K-12 distance learning
K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year. The alert comes from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) based on reports from K-12 institutions incurring cyberattacks.
Google breaks SMS on many Android phones, is rolling back changes now
If the text messages on your Android phone have suddenly stopped working, you're not alone. Google pushed out a bad copy of the Carrier Services app, and the result was broken SMS on many Android phones. It also sounds like the company is rolling back the update and fixing the problem. Carrier Services is a little-known Android system component that popped up on the Play Store in 2017. This highly privileged app with the package name "com.google.android.ims" is part of Android's (IMS).
4 major browsers are getting hit in widespread malware attacks
An ongoing malware campaign is blasting the Internet with malware that neuters the security of Web browsers, adds malicious browser extensions, and makes other changes to users' computers, Microsoft said on Thursday. Adrozek, as the software maker has dubbed the malware family, relies on a sprawling distribution network comprising 159 unique domains with each one hosting an average of 17,300 unique URLs. The URLs, in turn, host an average of 15,300 unique malware samples.
Massive Subway UK phishing attack is pushing TrickBot malware
A massive phishing campaign pretending to be a Subway order confirmation is underway, distributing the notorious TrickBot malware. TrickBot is a trojan malware infection commonly distributed through phishing campaigns or installed by other malware. When installed, TrickBot performs a variety of malicious behaviors, including spreading through a network, stealing saved credentials in browsers, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC.
Engineers design transistor that disguises key computer chip hardware from hackers
A hacker can reproduce a circuit on a chip by discovering what key transistors are doing in a circuit - but not if the transistor "type" is undetectable. Purdue University engineers have demonstrated a way to disguise which transistor is which by building them out of a sheet-like material called black phosphorus. This built-in security measure would prevent hackers from getting enough information about the circuit to reverse engineer it. Reverse engineering chips is a common practice.
- ...in 1922, actress Maila Nurmi, best known as the original 1950s TV "horror host" Vampira, is born in Gloucester, MA.
- ...in 1926, rhythm and blues singer/songwriter Willie Mae Thornton, AKA Big Mama Thornton, the first artist to record "Hound Dog", is born in Ariton, AL.
- ...in 1968, the Rolling Stones put on the "Rock and Roll Circus" show in London, playing alongside Jethro Tull, the Who, Taj Mahal, and Marianne Faithfull.
- ...in 1974, pro wrestler and lucha libre ambassador Oscar Gutierrez (better known by his ring name, Rey Mysterio) is born in Chula Vista, CA.