<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/27/2020

SHARE

Breaches

Collection of South Korean, U.S. Payment Cards Emerges on Underground Market

A collection of approximately 400,000 payment card records, mainly from South Korea and the United States, has emerged on the dark web this month, Group-IB reports. Uploaded on a popular darknet cardshop on April 9, this collection represents the largest sale of South Korean records on underground markets this year, the cyber-security company warns. It also shows the growing popularity of APAC-issued card dumps among cyber-criminals. READ MORE...


Nintendo Confirms Breach of 160,000 Accounts

Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims' accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo's online stores, such as V-Bucks, in-game currency used in Fortnite. READ MORE...

Hacking

Poland implicates Russia in cyberattack, info op aimed at undercutting U.S. relations

Polish security services on Thursday suggested the Russian government could be behind a cyberattack against an elite Polish military academy and an ensuing effort to undermine U.S.-Polish relations. Stanislaw Zaryn, a spokesman for the Minister-Special Services Coordinator, which oversees Polish security agencies, announced that hackers had breached the website of Poland's War Studies University. READ MORE...


Israel Says Hackers Targeted SCADA Systems at Water Facilities

The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks aimed at water facilities. According to an alert published by Israel's National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities. READ MORE...

Software Updates

Microsoft Teams patched against image-based account takeover

After looking at how Microsoft Teams handles image resources, security researchers found a way to take over accounts by sending recipients a regular GIF. The method could have been used for the desktop and web versions of Teams to get access to multiple accounts at once and steal conversations and threads. Controlling a subdomain under teams[.]microsoft[.]com was the main condition for the attack, and the researchers had two to choose from. READ MORE...

Malware

'VictoryGate' Botnet Infected 35,000 Devices via USB Drives

ESET managed to sinkhole several command and control servers of a botnet that propagates via infected USB devices, thus disrupting its activities. Referred to as VictoryGate and active since at least May 2019, the botnet impacted devices in Latin America the most, especially Peru, where more than 90% of the compromised devices are located. ESET's security researchers were able to estimate the botnet's size at over 35,000 devices. READ MORE...

Exploits/Vulnerabilities

Web shell warning issued by US and Australia

The US National Security Agency (NSA) and its Australian counterpart the Australian Signals Directorate (ASD) have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits. A web shell is a malicious program, often written in a scripting language like PHP or Java Server Pages, that gives an attacker remote access to a system and lets them execute functions on a victim's web server. READ MORE...

On This Date

  • ...in 1986, the Ukrainian city of Pripyat and surrounding areas are evacuated following the Chernobyl disaster.
  • ...in 1981, Xerox PARC introduces the 8010 Star workstation, the first personal computer to ship with a mouse peripheral.
  • ...in 1989, protesting students from Peking University take over Tiananmen Square in Beijing, China.
  • ...in 1994, Nelson Mandela wins the presidency in South Africa's first democratic and multiracial general election.