<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 3/17/2020

Top News

U.S. Health Department Site Hit With DDoS Cyber Attack

The United States Health and Human Services Department's web site was hit with a DDoS cyber attack Sunday night to take it offline in the middle of the Coronavirus outbreak. Since the COVID-19 outbreak, there has been a tremendous spike in people searching for HHS information about the Coronvirus. First reported by Bloomberg, attackers on Sunday night attempted to disrupt the dissemination of Coronavirus information by performing a DDoS attack against the HHS web site. READ MORE...

Hacking

Activities of a Nigerian Cybercriminal Uncovered

Ever wonder who's behind one of those Nigerian cyber-crime email campaigns asking you to enter into a shady business deal and how they're enacted? In a unique profile, researchers pulled back the curtain on such an attack with a report outlining how a Nigerian cybercriminal made hundreds of thousands of dollars over the course of seven years by targeting people through numerous malicious campaigns. READ MORE...

Malware

A coronavirus-tracking app locked users' phones and demanded $100

You can always count on hackers to exploit a terrible situation to try to make a buck. A new Android app that promises to deliver up-to-date figures on the coronavirus pandemic includes a strain of malicious software that locks up a user's phone and demands an extortion fee. The ransomware app, called CovidLock, threatens to erase everything on an infected phone if victims don't pay $100 in bitcoin within 48 hours, according to the security firm DomainTools. READ MORE...

Exploits/Vulnerabilities

WordPress and Apache Struts weaponized vulnerabilities on the rise

Vulnerabilities in leading web and application frameworks, if exploited, can have devastating effects like the Equifax breach which affected 147 million people, according to RiskSense. Among the report's key findings, total framework vulnerabilities in 2019 went down but the weaponization rate went up, WordPress and Apache Struts had the most weaponized vulnerabilities, and input validation surpassed cross-site scripting (XSS) as the most weaponized weakness in the frameworks examined. READ MORE...


Convincing Google Impersonation Opens Door to MiTM, Phishing

An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill - while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky set out to see how easy it would be to set up a phishing page that used homographics to impersonate legitimate sites. READ MORE...