IT Security Newsletter - 4/23/2020
A critical iPhone and iPad bug that lurked for 8 years may be under active attack
A critical bug that has lurked in iPhones and iPads for eight years appears to be under active attack by sophisticated hackers to hack the devices of high-profile targets, a security firm reported on Wednesday. The exploit is triggered by sending booby-trapped emails that, in some cases, require no interaction at all and, in other cases, require only that a user open the message, researchers from ZecOps said in a post. READ MORE...
Vietnam alleged to have hacked Chinese organisations in charge of COVID-19 response
Hackers working on behalf of the Vietnamese government attempted to break into Chinese organisations heading up the country's coronavirus response, according to infosec outfit FireEye. APT32, a hacking group previously linked to the Vietnamese government, tried to access the personal and professional email addresses of staff at China's Ministry of Emergency Management and the government of Wuhan, where it is believed the pandemic started. READ MORE...
Zoom bolsters software security in latest move to reassure users
Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, on Wednesday said it was adding security measures to its software following scrutiny from independent researchers. The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. READ MORE...
Microsoft warns of "prolific" Trickbot malware exploiting COVID-19 crisis
Microsoft has warned that cyber criminals are taking advantage of the ongoing coronavirus crisis to trick users into downloading malware onto their devices. In a statement on Twitter, Microsoft Security Intelligence said that hackers are posing as the "Usa Volunteer Organization" and the "Usa Humanitarian Group" and are sending out hundreds of emails offering free COVID-19 medical advice and testing. READ MORE...
Graham Cluley: Maze Ransomware - What you Need to Know
Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organisations around the world, demanding a cryptocurrency payment be made in return for the safe recovery of encrypted data. Like other ransomware seen in the past, Maze can spread across a corporate network, infecting computers it finds and encrypting data so it cannot be accessed. READ MORE...
Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug
A new variant of the Hoaxcalls botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. That's according to researchers at Radware, who also said that it's notable how quickly Hoaxcalls operators have moved to weaponize the ZyXel bug, which, at this time of writing, has still not been addressed in a ZyXel advisory. READ MORE...
How to protect your Nintendo account from hackers with two-step verification (2SV)
Sure, it's for video-gaming - but you should still try to make your Nintendo account as hard as possible to hack. Nintendo Switch owners can buy games online through the official eShop, and a hacker might try to purchase digital currencies for games such as Fortnite through a user's linked PayPal account. Nintendo, like many other companies, offers two-step verification (2SV) - sometimes known as two-factor authentication - to help users protect their online accounts. READ MORE...
How one security researcher used radio signals to hop an air gap
For years, researchers and spies have devised ways of getting malware to computers that are "air-gapped," or physically isolated from external network connections. Attacks like Stuxnet, the computer worm deployed against an Iranian nuclear facility a decade ago, shattered the myth that air-gapped systems are impenetrable fortresses. In that case, suspected U.S. and Israeli intelligence operatives crossed an air gap with malware that ultimately sabotaged centrifuges at a uranium enrichment plant. READ MORE...
- ...in 1858, German physicist and Nobel laureate Max Planck, the originator of quantum theory, is born in Kiel, Germany.
- ...in 1914, Weeghman Park in Chicago hosts its first-ever baseball game. Thirteen years later, the park is renamed Wrigley Field.
- ...in 1936, operatic-voiced rock singer/songwriter Roy Orbison ("Only the Lonely", "Oh, Pretty Woman") is born in Vernon, TX.
- ...in 1985, Coca-Cola releases the ill-fated "New Coke" to a negative response from consumers; three months later, the old formula is back in stores.