IT Security Newsletter - 4/2/2020
Attackers can use Zoom to steal users' Windows credentials with no warning
Users of Zoom for Windows beware: the widely used software has a vulnerability that allows attackers to steal your operating system credentials, researchers said. Discovery of the currently unpatched vulnerability comes as Zoom usage has soared in the wake of the coronavirus pandemic. With massive numbers of people working from home, they rely on Zoom to connect with co-workers, customers, and partners. READ MORE...
Zoom vulnerabilities could give attackers webcam, microphone access
Vulnerabilities discovered in popular video teleconferencing app Zoom could allow attackers to escalate privileges on a computer or allow access to users' webcams and microphones, according to new research from Jamf Principal Security Researcher Patrick Wardle. It's just the latest security and privacy issue for Zoom, which has been served with a class-action lawsuit over its data sharing practices, and come under scrutiny from the New York Attorney General's Office and the FBI. READ MORE...
Hacker Group Backdoors Thousands of Microsoft SQL Servers Daily
Hackers have been brute-forcing thousands of vulnerable Microsoft SQL (MSSQL) servers daily to install cryptominers and remote access Trojans (RATs) since May 2018 as researchers at Guardicore Labs discovered in December. This attack campaign is still actively infecting between 2,000 and 3,000 MSSQL servers on a daily basis and it was dubbed Vollgar because the cryptomining scripts it deploys on compromised MSSQL will mine for Monero (XMR) and Vollar (VDS) cryptocurrency. READ MORE...
Coronavirus 'Financial Relief' Phishing Attacks Spike
Researchers are warning of an upward surge in social-engineering lures in malicious emails that promise victims financial relief during the coronavirus pandemic. The slew of campaigns piggy-back on news of governments mulling financial relief packages, in response to the economic stall brought on by consumers social distance themselves. This latest trend shows cybercriminals continuing to look to the newest developments in the coronavirus saga as leverage for scams. READ MORE...
Vulnerable VPN appliances at healthcare organizations open doors for ransomware gangs
The increased enterprise VPN use due to the COVID-19 pandemic and the work-from-home (WFH) shift has not gone unnoticed by ransomware gangs, Microsoft warns. "We're seeing from signals in Microsoft Threat Protection services (Microsoft Defender ATP, Office 365 ATP, and Azure ATP) that the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems," the company shared. READ MORE...
- ...in 1889, inventor Charles M. Hall is given a patent for his method of extracting aluminum, allowing for large-scale production.
- ...in 1917, President Woodrow Wilson asks Congress for a declaration of war on Germany and the U.S. enters WWI.
- ...in 1992, Mafia boss John Gotti is convicted of murder and racketeering, and sentenced to life in prison.
- ...in 2005, Pope John Paul II dies.