
IT Security Newsletter - 3/18/2020


Hacking

Nation-Backed Hackers Spread Crimson RAT via Coronavirus Phishing

A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories. This nation-backed cyber-espionage group is suspected to be Pakistan-based and is currently tracked under multiple names, including APT36, Transparent Tribe, ProjectM, Mythic Leopard, and TEMP.Lapis.


Magecart hackers have spent weeks lurking on NutriBullet's website

A group of scammers using a pervasive hacking technique have spent weeks lurking on the website where NutriBullet customers entered their payment data, according to new findings from a cybersecurity vendor. RiskIQ published research on Wednesday detailing how a hacking group, known as Magecart Group 8, snuck malicious code onto NutriBullet's website to collect financial information from customers who purchased blenders and other products from the company.

Software Updates

Adobe Fixes Nine Critical Vulnerabilities in Reader, Acrobat

Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution. Adobe usually releases security updates in conjunction with Microsoft's Patch Tuesday security updates, but this month nothing was released at that time. Today, Adobe has released security updates that fix 13 vulnerabilities, with 4 rated as 'Important' as they lead to information disclosure or privilege escalation.


VMware patches virtualisation bugs

Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines (VMs). VMware made its name offering server virtualisation products that recreate server hardware in software, allowing admins to run many virtual servers on the same physical box at once. Most 'type one' server hypervisors, including VMware's, run directly on the bare metal instead of an installed operating system.

Malware

This Stalkerware Delivers Extra-Creepy Features

Researchers are sending up a red flag over the distribution of an aggressive stalkerware app called Monitor Minor. In a report released Monday, researchers said the Android version of the app gives stalkers near absolute control of targeted devices, going so far as allowing them to capture the unlock pattern or unlock code of phones. Over the past year, installs of stalkerware found on Android and iOS devices doubled, according to researchers.

Information Security

Security Lessons We've Learned (So Far) from COVID-19

As the crisis surrounding the novel coronavirus COVID-19 continues to spread around the globe, businesses everywhere have little choice but to make changes and put business continuity plans into action (assuming they have one). These pivots are stressing out just about everyone, from frontline workers to internal departments. Of course, this stress is acutely felt by security leaders who are being asked to deploy accommodations both quickly and securely.


40% of password managers duped by a fake Google app

Most of today's workplaces involve at least light computer interaction, which means there are passwords to create and remember. As we all know, we've got to create strong passwords or run the risk of being hacked. The problem is the strongest passwords are generally nearly random strings of characters with little to no meaning. Remembering all those random keystrokes can be a job in itself, so many of us turn to password managers to bridge that gap.

Exploits/Vulnerabilities

Trend Micro fixes two actively exploited zero-days in enterprise products

Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products, and advises customers to update to the latest software versions as soon as possible. In both cases, attackers must authenticate to the target endpoint with valid, compromised credentials before attempting exploitation, which means that these flaws are likely to have been exploited by attackers who have already found their way into the enterprise network.