IT Security Newsletter - 12/19/2019
Macy’s breach is a game-changing Magecart attack
The payment card breach that hit Macy’s online store in October was the result of a highly targeted and custom-built Magecart attack that could set the trend for web skimmers going forward, researchers believe. On November 14, US department store chain Macy’s alerted customers of a security breach discovered in October on its website that led to the compromise of payment card details and customer information, including full names, addresses, telephone numbers and email addresses.
Honda Exposes 26,000 Records of North American Customers
Automotive giant Honda exposed roughly 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers after misconfiguring an Elasticsearch cluster on October 21, 2019. Honda's security team in Japan promptly secured the publicly accessible server within just a few hours after being contacted by Security Discovery researcher Bob Diachenko on December 12.
Attackers Posing as German Authorities Distribute Emotet Malware
An active malspam campaign is distributing Emotet banking Trojan payloads via emails camouflaged to look like messages delivered by several German federal authorities, warns the BSI, Germany's federal cybersecurity agency. The attackers behind this malicious campaign have already successfully infected a number of federal administration authorities during the last few days, according to reports cited by the BSI.
New BlueKeep Scanner Lets You Find Vulnerable Windows PCs
A new scanning tool is now available for checking if your computer is vulnerable to the BlueKeep security issue in Windows Remote Desktop Services. Despite Microsoft rolling out a patch in mid-May, there are tens of thousands of devices exposing a Remote Desktop Protocol (RDP) service to the public internet. BlueKeep (CVE-2019-0708) is a vulnerability that leads to remote code execution and could be leveraged to spread malware across connected systems without any interaction from the user.
The anatomy of the MyKings botnet, and why it matters for security
Deconstructing a zombie army of compromised computers — commonly known as a botnet — can tell you a lot about the security weaknesses across a range of digital infrastructure. The unpatched machines the botnet preys on, the protocols it uses, and the malicious code it distributes come into sharp focus. A new study of the MyKings botnet — a notorious horde of computers that has netted crooks some $3 million — by antivirus firm Sophos highlights how Windows servers are vulnerable to a range of attacks from the botnet.
Ring Plagued by Security Issues, Flood of Hacks
Serious security holes in the Ring smart doorbell have been uncovered, according to a new investigation. For instance, Ring owners aren’t notified of suspicious login alerts when devices are accessed on various IP addresses — and there are seemingly no limitations for incorrect login attempts. The new findings, based on Motherboard’s security tests on the Amazon-owned connected doorbell, come on the heels of several privacy and security incidents relating to Ring this past year.
Microsoft Issues Out-of-Band Update for SharePoint Bug
Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. According to a Microsoft Security Advisory, an attacker could exploit the bug (CVE-2019-1491) to obtain sensitive information and then use that information to mount further attacks. “An information disclosure vulnerability exists in SharePoint Server. An attacker who exploited this vulnerability could read arbitrary files on the server,” according to the advisory, published on Tuesday.