IT Security Newsletter

IT Security Newsletter - 4/28/2020

Written by Cadre | Tue, Apr 28, 2020

Hackers leak credentials of WHO and Gates Foundation employees

Almost 25,000 email addresses and passwords allegedly belonging to employees of leading health organisations such as the World Health Organisation (WHO) and the US National Institutes of Health (NIH) have been leaked online in what is being described as a "harassment campaign". The news comes as WHO reported that it has been forced to double its security resources due to a significant increase in cyber attacks on the organisation since mid-March.

Troves of Zoom Credentials Shared on Hacker Forums

Hackers have a new favorite topic of conversation on underground forums: How to obtain - and leverage - valuable credentials for Zoom, Skype, Webex and other web conferencing platforms increasingly used by remote workers. That's what Etay Maor, chief security officer at IntSights, has discovered over the past few weeks in his examinations of various underground forums.

Hackers spoof SBA to try to compromise companies' computers

With the U.S. Small Business Administration continuing to play a high-profile role in getting cash to companies that are struggling because of the coronavirus pandemic, cybercriminals are stepping up their efforts to steal money from those very firms. Research published Monday by IBM's incident response team shows that attackers are spoofing the SBA in emails to try to install a remote hacking tool capable of stealing passwords and accessing webcams.

Sophos fixes firewall bug being actively exploited in SQL injection attacks

Hackers have been exploiting a previously unknown vulnerability in Sophos XG devices to launch SQL injection attacks to steal usernames and hashed passwords of user accounts. The British security firm last week encountered an XG Firewall with a suspicious field value visible in the management interface before launching an immediate investigation that resulted in the discovery of an ongoing attack.

Shade Ransomware Authors Release Decryption Keys

The developers behind the Shade ransomware on Monday announced that they ceased operations and publicly released decryption keys to let their victims recover files for free. Also referred to as Troldesh and Encoder.858, Shade has been present on the malware landscape since 2014. Updated with backdoor capabilities in 2016, the Trojan became one of the most prevalent threats last year, when it was observed targeting over 340 file extensions for encryption (using AES 256).

Lucy malware for Android adds file-encryption for ransomware ops

A threat actor focusing on Android systems has expanded their malware-as-a-service (MaaS) business with file-encrypting capabilities for ransomware operations. Named Lucy Gang by researchers, the actor is a Russian-speaking team that made itself known two years ago with the Black Rose Lucy service, offering botnet and malware dropping capabilities for Android devices.

Code Injection Vulnerability Found in 'Real-Time Find and Replace' WordPress Plugin

The "Real-Time Find and Replace" WordPress plugin was updated recently to address a high severity vulnerability that could be exploited to inject code into a website. Designed to allow WordPress site admins to dynamically replace HTML content from themes and other plugins with content of their choosing before the page is served to users, the plugin is available as open source and has over 100,000 installations.

  • ...in 1947, writer/explorer Thor Heyerdahl sets off on his Kon-Tiki expedition, to prove that ancient South Americans could have settled Polynesia.
  • ...in 1948, fantasy author Terry Pratchett, best known for his "Discworld" series of novels, is born in Buckinghamshire, England.
  • ...in 1986, the US Navy vessel USS Enterprise becomes the first nuclear-powered aircraft carrier to travel the Suez Canal.
  • ...in 2001, millionaire Dennis Tito becomes the world's first space tourist, paying $20M to join the Russian Soyuz TM-32 mission.