<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 3/11/2020

Top News

FBI arrests alleged owner of Deer.io, top market for stolen accounts

The FBI on Saturday arrested the alleged owner of Deer.io: a Russia-based marketplace for buying and selling credentials for hacked accounts siphoned off of malware-infected computers, victims' personally identifiable information (PII), as well as financial and corporate data. According to the arrest warrant, the suspect, Kirill Victorovich Firsov, was arrested at the John F. Kennedy Airport, in New York. READ MORE...

Breaches

Entercom Radio Giant Says Data Breach Exposed User Credentials

US radio giant Entercom reported a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored third-party cloud hosting services and containing Radio[dot]com user credentials. Entercom's national network is comprised of more than 235 radio stations broadcasting news, sports, and music across the country and live the Radio[dot]com online live streaming service to over 170 million people each month. READ MORE...


Flaw in popular VPN service may have exposed customer data

NordVPN, one of the most popular virtual private network (VPN) services, has fixed a security flaw that is said to have exposed customers' email addresses and other information. The security hole was linked to three payment platforms used by NordVPN - Momo, Gocardless, and Coinpayments. According to The Register, which was the first to report on the issue, the flaw was uncovered by a researcher going by the moniker 'dakitu' and was disclosed via popular bug bounty platform HackerOne. READ MORE...

Software Updates

Krebs on Security: Microsoft Patch Tuesday, March 2020 Edition

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs. All told, this patch batch addresses at least 115 security flaws. Twenty-six of those earned Microsoft's most-dire "critical" rating. READ MORE...

Malware

Microsoft strikes back at Necurs botnet by preemptively disabling hacking tools

Microsoft is trying to sink a vast network that cybercriminals have used for eight years to spread spam and hack computers throughout the globe. Microsoft announced on Tuesday that it has moved to disrupt the Necurs botnet, a network of more than 9 million computers that had been surreptitiously infected with malware and then used by hackers to carry out various schemes. READ MORE...

Information Security

Deloitte: 8 things municipal governments can do about ransomware

The IT systems of the City of Durham and Durham County in North Carolina have been shuttered since a successful ransomware attack struck the municipalities on the evening of March 6. Although details are still sketchy, the North Carolina Bureau of Investigation indicated the attackers used Russian-made malware known as Ryuk. Durham joins a growing list of local governments grappling with the latest security scourge sweeping the country. READ MORE...

Exploits/Vulnerabilities

Windows has a new wormable vulnerability, and there's no patch in sight

Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world. The vulnerability exists in version 3.1.1 of the Server Message Block 3.1.1 that's used to share files, printers, and other resources on local networks and over the Internet. READ MORE...


Researchers Develop New Side-Channel Attacks on Intel CPUs

Security researchers have discovered yet another way that attackers can take advantage of a performance optimization technique in modern CPUs called speculative execution in order to steal encryption keys, passwords, and other information from a targeted system. The vulnerability affects all Intel CPUs in servers, desktops, and laptops manufactured between 2012 and 2020 including the ninth generation of Intel CPUs. READ MORE...


Firefox Bug Opens iPhone AirPods to Third-Party Snooping

Five high-severity bugs were fixed in the Firefox web browser with the release of version 74 by the Mozilla Foundation on Tuesday. In addition, Mozilla reported a quirky moderate-severity flaw that allows hackers to target iPhone users and collect data tied to connected AirPods, if in use. In total, 12 bugs were patched with six rated as moderate severity and one low-severity bug. READ MORE...