IT Security Newsletter - 2/6/2020
FBI Director Warns of Ongoing Russian 'Information Warfare'
FBI Director Chris Wray said Wednesday that Russia is engaged in "information warfare" heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America's election infrastructure. Wray told the House Judiciary Committee that Russia, just as it did in 2016, is relying on a covert social media campaign aimed at dividing American public opinion and sowing discord. READ MORE...
Charming Kitten Uses Fake Interview Requests to Target Public Figures
The Iran-based hacking group Charming Kitten has resurfaced with a new campaign that uses fake interviews to target public figures to launch phishing attacks and steal victims' email-account information. In a report released Wednesday, security researchers at Certfa Lab say they discovered the Iranian APT group targeting public figures such as political and human rights activists with new attacks aimed at stealing their email credentials. READ MORE...
New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a "self-spreading" variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT devices are targets in a new global campaign leveraging the malware variant. READ MORE...
Emotet can spread to poorly secured Wi-Fi networks and computers on them
Here's yet another reason to secure Wi-Fi networks and Windows user accounts with a strong enough password: researchers have spotted and analyzed a malware program that is able to spread the Emotet Trojan to nearby wireless networks and compromise computers on them. READ MORE...
500,000 victims pummeled in multi-stage BitBucket malware scheme
An ongoing campaign from an unidentified threat actor has been deploying seven different kinds of malware - including ransomware - at once against an estimated 500,000 targets over the past couple of months to steal as much money as possible, according to new research from Cybereason. The different kinds of malware deployed from just this one actor is unprecedented. READ MORE...
How your network could be hacked through a Philips Hue smart bulb
Security researchers at Check Point have published details of vulnerabilities they have found in Philips Hue smart bulbs that could be exploited by hackers to compromise networks remotely. The researchers were able to hijack control the IoT bulbs and install malicious firmware on it. With that beachhead in place they were then able to launch attacks to compromise the bulbs' control bridge and then use an inventive method to attack the network. READ MORE...
Krebs on Security: When Your Used Car is a Little Too 'Mobile'
Many modern vehicles let owners use the Internet or a mobile device to control the car's locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. Here's the story of one former electric vehicle owner who discovered he could still gain remote, online access to his old automobile years after his lease ended. READ MORE...
How your screen's brightness could leak data from your air-gapped computer
It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer. And this time they haven't done it by listening to a PC's fan, or watching the blinking LED lights on a hard drive or even picking up FM radio waves. READ MORE...
This Sculpture Holds a Decades-Old C.I.A. Mystery. And Now, Another Clue.
The creator of one of the world's most famous mysteries is giving obsessive fans a new clue. Kryptos, a sculpture in a courtyard at the headquarters of the Central Intelligence Agency in Langley, Va., holds an encrypted message that has not fully yielded to attempts to crack it. It's been nearly 30 years since its tall scroll of copper with thousands of punched-through letters was set in place. READ MORE...