IT Security Newsletter - 2/5/2020
FBI Warns of DDoS Attack on State Voter Registration Site
The US Federal Bureau of Investigation (FBI) warned of a potential Distributed Denial of Service (DDoS) attack that targeted a state-level voter registration and information site in a Private Industry Notification (PIN) released today. PRSD attacks are a type of DDoS attack used by threat actors to disrupt DNS record lookups by flooding a DNS server with large amounts of DNS queries against non-existing subdomains.
Twitter API Abused to Uncover User Identities
Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users. The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API (application programming interface) function on its platform that, when used as intended, allows accounts to find Twitter users that they may already know by matching phone numbers to their Twitter account names.
Ransomware Attack Hinders Toll Group Operations
Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is often used by e-commerce giants like eBay to transport anything from bulk commodities to critical spare parts and medical supplies, according to its website.
Krebs on Security: Booter Boss Busted By Bacon Pizza Buy
A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today. While the young man’s punishment was heavily tempered by his current poor health, the defendant’s dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss’s identity became clear after he ordered a bacon and chicken pizza delivered to his home using the same email address he originally used to register his criminal attack service.
Serious flaw that lurked in sudo for 9 years hands over root privileges
Sudo, a utility found in dozens of Unix-like operating systems, has received a patch for a potentially serious bug that allows unprivileged users to easily obtain unfettered root privileges on vulnerable systems. The vulnerability, tracked as CVE-2019-18634, is the result of a stack-based buffer-overflow bug found in versions 1.7.1 through 1.8.25p1. It can be triggered only when either an administrator or a downstream OS, such as Linux Mint and Elementary OS, has enabled an option known as pwfeedback.
WhatsApp Bug Allowed Attackers to Access the Local File System
Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user's local file system, on both macOS and Windows platforms. "A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading," Facebook's security advisory explains. "Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."
Touch panels deployed in critical infrastructure vulnerable to remote attacks
Manufacturing facilities and processing centers using AutomationDirect C-more Touch Panels are advised to upgrade their firmware ASAP, as older versions contain a high-risk vulnerability (CVE-2020-6969) that may allow attackers to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device.