IT Security Newsletter

IT Security Newsletter - 2/4/2020

Written by Cadre | Tue, Feb 4, 2020

New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure

Over the past five years, ransomware has emerged as a vexing menace that has shut down factories, hospitals, and local municipalities and school districts around the world. In recent months, researchers have caught ransomware doing something that's potentially more sinister: intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely.

New EmoCheck Tool Checks if You're Infected With Emotet

A new utility has been released by Japan CERT (computer emergency response team) that allows Windows users to easily check if they are infected with the Emotet Trojan. The Emotet Trojan is one of the most actively distributed pieces of malware and is spread through phishing emails with malicious Word document attachments.

DoppelPaymer Ransomware Sells Victims' Data on Darknet if Not Paid

The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim's stolen files if they do not pay a ransom demand. A new tactic being used by ransomware operators that perform network-wide encryption is to steal a victim's files before encrypting any devices. They then threaten to publish or sell this data if the victim does not pay the ransom.

Bouygues Construction Shuts Down Network to Thwart Maze Ransomware

French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware. In a statement posted to their website, Bouygues stated that they shut down their computer network on January 30th, 2020, as a "precautionary measure" to prevent a ransomware attack from propagating further.

Man admits hacking Nintendo, leaking details of Switch games console

A 21-year-old California man has pleaded guilty to hacking into the servers of Nintendo and stealing confidential information about the (then upcoming) Nintendo Switch video game console. The case dates back to 2016 when Ryan S Hernandez, who was a minor at the time, and an associate successfully phished the login credentials of a Nintendo employee and were able to gain access and download confidential product information.

Six Arrested in UK Over Malta Bank Cyber-Heist

Six individuals were arrested in the United Kingdom last week for their involvement in a bank cyber-heist and money laundering operation. The arrests were made in connection with the laundering of money stolen in February 2019 from Malta's Bank of Valletta, after cyber-criminals used malware to access the bank’s systems and illegally remove around €13 million (~$14.36 million).

Twitter discloses API vulnerability that allowed snoops to tie phone numbers to accounts

Twitter says it has beefed up security after a “large network of fake accounts” was able to match phone numbers to Twitter accounts using a vulnerability in the platform’s application programming interface. The vulnerability in Twitter’s application programming interface (API), a set of protocols that govern how data interacts with a particular website, allowed someone to upload a slew of phone numbers and correlate them with user accounts.

Attackers Actively Targeting Flaw in Door-Access Controllers

Attackers are actively trying to exploit a critical, previously disclosed command injection flaw in a door access-controller system from Nortek Security and Control LLC to use the device to launch distributed denial-of-service (DDoS) attacks. SonicWall, which reported on the threat Saturday, said its researchers have observed attackers scanning the entire IPv4 address space for the vulnerable systems in recent days.

Medtronic Releases Patches for Cardiac Device Flaws Disclosed in 2018, 2019

Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. The vendor says it takes time to develop and validate patches for such complex and safety-critical devices. Both Medtronic and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) updated their original advisories last week to inform users about the availability of patches.