<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 2/18/2020

SHARE

Top News

World Health Organization Warns of Coronavirus Phishing Attacks

The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware. "Criminals are disguising themselves as WHO to steal money or sensitive information," the United Nations agency says in the Coronavirus scam alert. READ MORE...

Hacking

Krebs on Security: Pay Up, Or We'll Make Google Ban Your Ads

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google's AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's automated anti-fraud systems suspend the user's AdSense account for suspicious traffic. READ MORE...


Iranian Hackers Exploited Enterprise VPN Flaws in Major Campaign

Infamous Iranian hacking groups APT33 and APT34 appear to have been working together for the past three years to compromise dozens of organizations worldwide, and their attacks involved some of the enterprise VPN vulnerabilities disclosed last year, ClearSky reports. Believed to be backed by the Iranian government, APT33 and APT34 are known for their cyber-espionage activities targeting various entities in the Middle East, the United States, Europe, and Asia. READ MORE...


National Portrait Gallery hit by 350,000 email attacks in three months

The National Portrait Gallery was targeted by 347,602 emails containing spam, phishing and malware attacks in the last quarter of 2019, a freedom of information (FOI) request has revealed. Over half of the emails, 194,620, were identified as being directory harvest attacks (DHA), a technique used to harvest valid email addresses belonging to employees and associates of the gallery, according to data collected by think tank Parliament Street. READ MORE...


Hacker Group Catfishes Israeli Soldiers Into Installing Mobile RAT

A hacking group compromised mobile phones belonging to soldiers in the Israel Defense Forces (IDF) using pics of young girls and directing them to download malware disguised as chat apps. Behind this endeavor is an actor identified as APT-C-23, known for cyberattacks in the Middle East and associated with the Hamas militant group. READ MORE...

Exploits/Vulnerabilities

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing. READ MORE...


Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom

A vulnerability in a popular WordPress user role plugin lets any random person create an admin-level account on targeted websites. The bug in Profile Builder was given a CVSS score of 10.0 by WordPress security biz Wordfence, though precise details of the bug are not yet available on the usual CVE-tracking websites. Profile Builder is a form-building plugin used mainly for blogs and websites with comment sections. READ MORE...