IT Security Newsletter - 3/27/2020

Top News

How Zoom, Netflix, and Dropbox are Staying Online During the Pandemic

To fight the COVID-19 pandemic, huge swaths of humanity have transformed their daily routines. But cloud platforms of some of the most popular internet services the quarantined world is now heavily leaning on for work, socializing, and entertainment - Zoom, Dropbox, and Netflix - have so far had no major trouble absorbing the massive surge in usage. READ MORE...

Breaches

AMD Confirms Hacker Stole Information on Graphics Products

AMD has confirmed that a hacker has stolen files related to some of its graphics products, but the company says it's not too concerned about the impact of the leak. A hacker who uses the online moniker "Palesa" claims to have obtained source code files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture, which is used in some Radeon RX 5000-series graphics cards, the upcoming Navi 21, and Arden. READ MORE...

Hacking

Emerging APT Mounts Mass iPhone Surveillance Campaign

A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong - infecting website visitors with a newly developed custom surveillance malware. The bad code - the work of a new APT called "TwoSail Junk" - is delivered via a multistage exploit chain that targets iOS vulnerabilities in versions 12.1 and 12.2 of Apple's operating system, according to researchers. READ MORE...


Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe

Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries. Based on the tools employed in the attacks, the suspects are likely the Silence and TA505 financially-motivated groups. While TA505's history of attacks includes targets in the medical sector, these incidents would mark for Silence a departure from its regular targets, which are banks and financial institutions. READ MORE...

Software Updates

Unofficial Patches Released for Exploited Windows Font Processing Flaws

ACROS Security's 0patch service has developed unofficial patches for two actively exploited Windows vulnerabilities for which Microsoft has yet to release fixes. Microsoft revealed earlier this week that it had become aware of targeted attacks exploiting two Windows zero-days related to the way the Adobe Type Manager library handles Type 1 PostScript fonts. READ MORE...

Malware

Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic

The Ryuk Ransomware operators continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic. With the amount of strain healthcare organizations are under during this pandemic, I was hoping that ransomware operators would avoid these organizations so they can focus on treating people. READ MORE...

Information Security

WeLiveSecurity: What happens when the global supply chain breaks?

Recent events have illustrated the need for robust continuity plans, and while these events are still unfolding, they also bring to light the need for robust supply chain planning. A review of the r/sysadmin group on Reddit reveals comments from systems administrators that their orders for laptops, servers, and networking gear are being delayed for at least one to two months… so far. And that is for large enterprises, whose purchase contracts typically extend out over several quarters. READ MORE...


Leave the pandemic out of your phishing simulations, Cofense says to industry

At least one anti-phishing company says it won't be testing its customers with coronavirus-themed emails, out of concerns that it's not socially responsible to play into fears around the current pandemic. Cofense says it has removed all COVID-19-themed spearphishing templates from its repository of attacks, and the Virginia-based company is recommending other organizations join it in a pledge to avoid using the global health crisis as fodder. READ MORE...

Exploits/Vulnerabilities

New Windows 10 Bug Causes Internet Connectivity Issues, Fix in April

All supported Windows 10 and Windows Server versions are affected by a new bug that could cause applications to be unable to connect to the Internet. According to a new post by Microsoft, when a Windows user is using a manual or auto-configured proxy, they may have issues connecting to the Internet with applications that utilize the WinHTTP or WinInet Windows networking APIs. This bug has a greater chance of affecting VPN users. READ MORE...


Critical CODESYS Bug Allows Remote Code Execution

A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code. The bug is rated 10 out of 10 on the CVSS v.2 vulnerability severity scale and requires little skill to exploit, the company said. It's a heap-based buffer overflow - a class of vulnerability where the region of a process' memory used to store dynamic variables (the heap) can be overwhelmed. READ MORE...