IT Security Newsletter - 12/6/2019
Feds Offer $5M Reward to Nab ‘Evil Corp’ Dridex Hacker
U.S. authorities are offering up to $5 million for information leading to the arrest of Evil Corp leader Maksim V. Yakubets, 32, of Russia, who goes by the moniker "aqua." The U.S. alleges that Yakubets and his group have stolen millions of dollars from victims using the Dridex banking trojan and the Zeus malware. Separately, the U.S. Treasury Department on Thursday issued sanctions against Evil Corp "as part of a sweeping action against one of the world's most prolific cybercriminal organizations."
Scammers dupe Chinese venture capitalists out of $1 million with the 'ultimate' BEC heist
Scammers fleeced a Chinese venture capital firm out of a $1 million payment meant for a startup by inserting themselves into the email thread between the two parties and redirecting the wire transfer, according to new findings from Check Point. As part of the scheme, the thieves posed as employees of an Israeli company seeking seed funding from the Chinese venture capitalists, a classic business email compromise (BEC) in which neither side realised the correspondence was being relayed through the attackers.
Krebs on Security: Apple Explains Mysterious iPhone 11 Location Requests
KrebsOnSecurity ran a story this week that puzzled over Apple's response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user's location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of ultra-wideband (UWB), a short-range radio technology that lets iPhone 11 users share files locally with other nearby phones that support it, and that a future version of its mobile operating system will allow users to disable it.
Cookie-stealing malware wants to know your Facebook ad budget
Ransomware still hogs the "malware attack" headlines these days, for obvious reasons. But there are still plenty of other malware families out there to worry you, including some that go after data you probably never thought crooks would care about. For example, just under 18 months ago, our researchers looked into a malware strain they dubbed AdKoob, which featured code that tried to sneak into your Facebook account to peek at how you were spending your online ad money.
Mac users targeted by Lazarus ‘fileless’ Trojan
The Lazarus hacking group has been caught trying to sneak a new 'fileless' Trojan onto Apple macOS computers disguised as a fake cryptocurrency trading application. The discovery was reported by K7 Computing's Dinesh Devadoss to Mac security expert Patrick Wardle, who immediately spotted similarities to previous attacks. The first of these, from 2018, was the 'AppleJeus' malware, which also used a cryptocurrency trading application to lure high-value targets in order to steal cryptocoins.
OpenBSD Hit with Authentication, LPE Bugs
An authentication bypass and three local privilege-escalation (LPE) bugs have been uncovered in OpenBSD, the Unix-like open-source operating system known for its security protections. The most severe of the vulnerabilities is the bypass (CVE-2019-19521), which is remotely exploitable through network services that authenticate users via the affected code. OpenBSD uses BSD authentication, which enables the use of passwords, S/Key challenge-and-response authentication and Yubico YubiKey tokens; the flaw lies in how the authentication code handles a username beginning with a dash, which it mistakes for a command-line option. Patches for the supported OpenBSD releases are available and should be applied promptly.
New Linux Vulnerability Lets Attackers Hijack VPN Connections
Security researchers found a new vulnerability allowing an attacker on an adjacent network (for example, a malicious Wi-Fi access point) to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. The attack does not depend on the VPN protocol in use. They disclosed the security flaw, tracked as CVE-2019-14899, to distros and the Linux kernel security team, as well as to other impacted parties such as systemd, Google, Apple, OpenVPN, and WireGuard.
Weidmueller Patches Critical Vulnerabilities in Industrial Switches
Germany-based industrial connectivity solutions provider Weidmueller has released firmware updates for many of its managed industrial Ethernet switches to address critical vulnerabilities. Weidmueller has six manufacturing plants and a presence in 60 locations around the world. According to the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), the impacted products are used worldwide, particularly in the critical manufacturing and IT sectors.