
IT Security Newsletter - 4/16/2020


Software Updates

SAP's April 2020 Security Updates Patch Five Critical Vulnerabilities

SAP this week released its latest set of security patches, which brings a total of 23 Security Notes, including five that address Hot News vulnerabilities. The most important of the flaws is a missing XML validation vulnerability in SAP Commerce. Tracked as CVE-2020-6238 and featuring a CVSS score of 9.3, the bug could be exploited remotely and does not require authentication. READ MORE...


Cisco says to patch critical UCS security holes now

Cisco has posted a package of 17 critical security warnings about authentication vulnerabilities in its Unified Computing System that could let attackers break into systems or cause denial of service troubles. Specifically, the problems are with Cisco's UCS Director and Express, which let customers build private-cloud systems and support automated provisioning processes and orchestration to optimize and simplify delivery of data-center resources, the company said. READ MORE...

Malware

'Double Extortion' Ransomware Attacks Spike

Victims of ransomware attacks now face a double whammy of headaches. Cybercriminals are increasingly inflicting more pain on ransomware victims by threatening to leak compromised data or use it in future spam attacks if ransom demands aren't met. The ransomware tactic, called "double extortion," was first used in late 2019 by Maze operators - but has been rapidly adopted over the past few months by various cybercriminals behind the Clop, DoppelPaymer and Sodinokibi ransomware families. READ MORE...


49 crypto-wallet pickpocketing browser extensions booted from the Chrome web store

Hackers have been using Google Ads to lure unsuspecting cryptocurrency investors into installing malicious browser extensions, with the aim of stealing passphrases and private keys and draining funds from their wallets. Harry Denley, a researcher at MyCrypto, has described how he discovered scores of malicious Chrome browser extensions that targeted cryptocurrency wallets from Ledger, Electrum, Exodus, Jaxx, KeepKey, MetaMask, MyEtherWallet, and Trezor. READ MORE...


Someone is passing around Valorant beta keys that are actually malware

Hackers are trying to exploit widespread interest in a buzzy, new video game in an attempt to steal gamers' username and password credentials. Attackers are disguising malicious software that looks like a product licensing key that would grant a user access to the beta version of "Valorant," a new title from the developer Riot Games. However, the game-key generator actually includes keylogger software that would allow hackers to track the words and phrases that users type. READ MORE...

Information Security

Linksys Prompts Password Reset to Prevent Router Hacking

Linksys has prompted users to reset passwords after learning that hackers were leveraging stolen credentials to change router settings and direct customers to malware. The issue became apparent after the company's users started seeing an increasing number of messages in their web browsers, instructing them to download COVID-19-related applications that were, in fact, malware samples. READ MORE...

Exploits/Vulnerabilities

Using Cisco IP phones? Fix these critical vulnerabilities

Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastructure management solutions for data center operations. Jacob Baines, a research engineer with Tenable, unearthed two critical flaws affecting the Cisco Wireless IP Phone 8821. READ MORE...


Exploit for Zoom Windows zero-day being sold for $500,000

An exploit for a zero-day remote code execution vulnerability affecting the Zoom Windows client is currently being sold for $500,000, together with one designed to abuse a bug in the video conferencing platform's macOS client. Zero-days are vulnerabilities that haven't yet been patched by the affected software or hardware vendor and that allow attackers to compromise any targets running or using the unpatched products. READ MORE...

On This Date

  • ...in 1940, Bob Feller of the Cleveland Indians throws a no-hitter.
  • ...in 1952, voice actor Billy West, best known as Fry on "Futurama" and Stimpy on "Ren & Stimpy", is born in Detroit, MI.
  • ...in 1963, The Beatles perform on BBC TV for the first time on The 625 Show.
  • ...in 1972, Apollo 16 is launched from Cape Canaveral. It will be the fifth lunar landing of the Apollo program.