<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/26/2020

SHARE

Breaches

Tupperware Hit By Card Skimmer Attack

Tupperware famously locks in food's freshness, but hackers could not be locked out of the company's e-commerce site. The primary Tupperware site, along with several localized versions, were compromised by digital credit card skimmer disguised inside an image file. Researchers at Malwarebytes Labs discovered the malicious code when they noticed an anomaly in an iframe container. READ MORE...

Hacking

New attack on home routers sends users to spoofed sites that push malware

A recently discovered hack of home and small-office routers is redirecting users to malicious sites that pose as COVID-19 informational resources in an attempt to install malware that steals passwords and cryptocurrency credentials, researchers said on Wednesday. A post published by security firm Bitdefender said the compromises are hitting Linksys routers, although BleepingComputer, which reported the attack two days ago, said the campaign also targets D-Link devices. READ MORE...


FBI Shutters Russian-Based Hacker Platform, Makes Arrest

The FBI this week shut down Deer.io, a Russia-based hacker platform through which criminals could buy access to virtual storefronts and sell illegal products or services. Officials arrested its suspected administrator, alleged Russian hacker Kirill Victorovich Firsov, charging him with crimes related to hacking US companies for customers' personal data, the Department of Justice reports. READ MORE...

Software Updates

Microsoft to stop serving non-security monthly updates to Windows

Beginning in May, Microsoft plans to halt the delivery of all non-security updates to Windows, another step in its suspension of non-essential revisions to the OS and other important products. The optional updates, which Microsoft designates as Windows' C and D updates, are released during the third and fourth week of each month, respectively. READ MORE...


Apple iOS 13.4 offers fixes for 30 vulnerabilities

Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs. Apple doesn't rate the severity of vulnerabilities in its advisories, but we can pick out a few highlights from their descriptions. The following apply to supported devices, namely the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. READ MORE...

Malware

Malware Disguised as Google Updates Pushed via Hacked News Sites

Hacked corporate sites and news blogs running using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans. After gaining admin access to the compromised WordPress websites, the hackers inject malicious JavaScript code that will automatically redirect visitors to phishing sites. READ MORE...


TrickBot App Bypasses Non-SMS Banking 2FA

The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication (2FA) security method used by banks - by fooling its victims into downloading a malicious Android app. The app, which researchers dubbed "TrickMo," is still under active development. While TrickMo is being currently deployed against TrickBot victims in Germany, researchers say that it can be used to target any bank or region - and they expect to see frequent changes and updates in the future. READ MORE...

Information Security

Krebs on Security: US Government Sites Give Bad Security Advice

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now. READ MORE...