IT Security Newsletter

IT Security Newsletter - 2/14/2020

Top News

Pentagon, FBI, DHS jointly expose a North Korean hacking effort

The Pentagon, FBI, and Department of Homeland Security have publicly identified a North Korean hacking campaign as part of a broad information sharing program intended to warn industry against adversarial hacking. The public disclosure includes details about at least seven different malware samples linked with North Korean hacking efforts. The samples point to cyber-espionage activities carried out by an actor the U.S. refers to as Hidden Cobra, previously associated with the North Korean government.

Breaches

U.S. Store Chain Rutter's Hit by Credit Card Stealing Malware

Rutter's, a U.S. convenience store, fast food restaurant, and gas station chain owner, has disclosed today that 71 locations were infected with point-of-sale (POS) malware that attackers used to steal customers' credit card information. Headquartered in Central Pennsylvania, Rutter's is a family-owned group of companies with a history dating back to 1747 that operates more than 75 locations throughout Pennsylvania, Maryland, and West Virginia.

Hacking

Puerto Rico Gov Hit By $2.6M Phishing Scam

A phishing scam has swindled a Puerto Rico government agency out of more than $2.6 million, according to reports. The email-based scam hit Puerto Rico's Industrial Development Company, a government-owned corporation that works with local and foreign investors to drive economic development on the island. The agency reportedly received an email alleging a change to a banking account tied to remittance payments.

Exploits/Vulnerabilities

Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say

Security researchers have found key flaws in a mobile voting app that some states plan to use in the 2020 election. They said the flaws can allow hackers to launch both client- and server-side attacks that can easily manipulate or even delete someone's vote, as well as prevent a reliable audit from taking place after the fact. A team of researchers at MIT released a security audit of Voatz that they said bolsters the case for why internet voting is a bad idea and voting transparency is the only way to ensure legitimacy.


Cookie-nabbing app could have served users side helping of XSS

A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks. The GDPR Cookie Consent plugin, created by WebToffee, claims over 700,000 users. The plugin is a notification app that begs you to accept cookies when you first visit a WordPress site. Website owners use tools like this to stay compliant with GDPR, which points to cookies as a form of online identifier that is therefore subject to its consent rules.