<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 2/10/2020

Top News

Coronavirus phishing attack disguised as message from the CDC

With the number of people infected by the Coronavirus increasing around the world, online criminals are showing more signs of exploiting public concern. Security researchers at Kaspersky have identified as phishing campaign that poses as an email from the United States' CDC (Centers of Disease Control). READ MORE...

Hacking

Facebook's Twitter account is hijacked by notorious OurMine hacking group

Facebook's official Twitter account started posting message from the OurMine hacking gang just before midnight UK time on Friday. And, it appears the official Facebook Messenger account was similarly impacted. The Verge is reporting that Facebook's Instagram account has been similarly compromised. OurMine is the same hacking gang which hijacked the social media accounts of 16 NFL teams just last month. READ MORE...

Software Updates

Windows 7 Users Suddenly Can't Shut Down Their PCs, How to Fix

A "You don't have permission to shut down this computer." error is preventing Windows 7 from shutting down or restarting their computers according to user reports that came in during the last 24 hours. "This happened to a couple of our machines today. I looked it up and it seems that in the past 24 hours this is becoming widespread," a Bleeping Computer reader told us. READ MORE...


Google Chrome To Bar HTTP File Downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and send data over to it in clear text. When using an HTTPS website, on the other hand, the browser checks that it has a legitimate SSL certificate before sending data in encrypted form. READ MORE...

Malware

Why you can't bank on backups to fight ransomware anymore

Not every ransomware attack is an unmitigated disaster. But even the most prepared organizations, it seems, can have small-scale disasters in the era of mass scans, spear phishes, and targeted ransomware. Just a few months after staging a ransomware exercise for its member credit unions, the Credit Union National Association (CUNA) experienced what a spokesperson described as a "business disruption issue" caused by ransomware. READ MORE...

Information Security

Cyborgs, Trolls and Bots: A Guide to Online Misinformation

Cyborgs, trolls and bots can fill the internet with lies and half-truths. Understanding them is key to learning how misinformation spreads online. As the 2016 election showed, social media is increasingly used to amplify false claims and divide Americans over hot-button issues including race and immigration. Researchers who study misinformation predict it will get worse leading up to this year's presidential vote. Here's a guide to understanding the problem. READ MORE...

Exploits/Vulnerabilities

Windows trust in abandoned code lets malware burrow into targeted machines

Attackers behind one of the world's more destructive pieces of ransomware have found a new way to defeat defenses that might otherwise prevent the attack from encrypting data: installing a buggy driver first and then hacking it to burrow deeper into the targeted computer. The ransomware in this case is RobbinHood, known for taking down the city of Baltimore networks and systems in Greenville, North Carolina. READ MORE...


Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs

About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway are still at risk from a trivial attack on their internal operations. If exploited, the flaw could allow unauthenticated attackers to gain remote access to a company's local network and carry out arbitrary code-execution. Researchers told Threatpost that other attacks are also possible, including denial-of-service, data theft, infiltration, and phishing. READ MORE...