
IT Security Newsletter - 12/9/2019


Breaches

BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets

The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company's networks and had been active there since at least the spring of 2019. BMW's security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.


How a nuclear plant got hacked

If you think attacking civilian infrastructure is a war crime, you'd be right, but spies from countries around the world are fighting a silent, dirty war to pre-position themselves on civilian infrastructure — like energy-producing civilian nuclear plants — to be able to commit sabotage during a moment of geopolitical tension. What follows is an explanation of how India's Kudankulam Nuclear Power Plant (KNPP) got hacked — and how it could have been easily avoided.

Hacking

Russian 'Gamaredon' Hackers Back at Targeting Ukraine Officials

The Russian state-sponsored hacking group known as Gamaredon has been targeting various Ukrainian diplomats, government and military officials, and law enforcement since mid-October 2019, threat intelligence company Anomali reports. Active since at least mid-2013 and also known as Primitive Bear, the Gamaredon group was first analyzed in April 2015.

Malware

Fake VPN Site Pushes CryptBot and Vidar Info-Stealing Trojans

A cyberthreat actor has created a web site that promotes a fake VPN program that installs the Vidar and CryptBot password-stealing trojans. These trojans will then attempt to steal saved browser credentials and other information from a victim's computer. While investigating a different malware infection, BleepingComputer stumbled upon a website promoting a VPN program called 'Inter VPN' that claims to be the "fastest VPN".


Ransomware at Colorado IT Provider Affects 100+ Dental Offices

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo.-based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services.

Exploits

Compromised passwords used on 44 million Microsoft accounts

44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking due to use of compromised passwords, Microsoft has shared. The discovery was made in the first quarter of 2019, when the company’s identity threat research team checked billions of credentials compromised in different breaches against Microsoft consumer and enterprise account credentials.


Email Voted a Weak Link for Election Security, with DMARC Lagging

As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. In a recent analysis, researchers found that email remains a potential weak link, with most counties failing to implement DMARC protections. DMARC (which stands for Domain-based Message Authentication, Reporting and Conformance) is an industry standard that flags messages where the “from” field in an email header has been tampered with.

Software

NVIDIA Patches Severe Flaws in Mercedes Infotainment System Chips

NVIDIA released security updates for six high severity vulnerabilities found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier, TK1, TX1, TX2, and Nano chips used in Mercedes-Benz's MBUX infotainment system and Bosch self-driving computer systems. The chips affected by these flaws are also used in HP and Acer Chromebooks [1, 2], Android tablets, Nintendo Switch video game consoles, and Magic Leap One virtual retinal displays.