IT Security Newsletter - 4/7/2020
A Chinese security firm says DarkHotel hackers are behind an espionage campaign, but researchers want more details
A well-resourced hacking group with possible ties to South Korea has launched an apparent espionage campaign against the Chinese government as international governments grapple with the COVID-19 pandemic, according to a Chinese security firm. An advanced persistent threat group known as DarkHotel has compromised more than 200 virtual private network servers to infiltrate "many" Chinese institutions and government agencies, Qihoo 360 said in a report published Monday.
A Brisk Private Trade in Zero-Days Widens Their Use
There were more zero-days exploited in 2019 than in any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that's likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more widely available. A wider range of threat actors are now gaining access to exploits for undocumented, unpatched bugs simply by buying them - no deep security expertise required.
NASA sees an "exponential" jump in malware attacks as personnel work from home
NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home, the space agency's Office of the Chief Information Officer said on Monday. "A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the Novel Coronavirus (COVID-19) outbreak," officials wrote in a memo.
PSA: Fake Zoom installers being used to distribute malware
Attackers are taking advantage of the increased popularity of the Zoom video conferencing service to distribute installers that are bundled with malware and adware applications. As people are spending more time indoors and performing physical/social distancing, many have started using Zoom meetings for remote work, exercise classes, and virtual get-togethers. Knowing this, threat actors have started distributing Zoom client installers bundled with malware.
Do's and don'ts of videoconferencing security
When any technology sees its popularity increase quickly, the number of bad actors taking advantage of new and untrained users also grows. The world is seeing this now with videoconferencing services and applications, as reports about the popular Zoom app being hijacked - known as "Zoom-bombing" - have surfaced. The FBI's Boston office recently issued a warning for users of videoconferencing platforms about the incidents.
Thousands of Android apps contain undocumented backdoors, study finds
What might some Android apps be quietly doing behind the backs of their users? The answer, according to a succession of studies, is quite a lot, probably more than some users would be comfortable with if they knew about it. This isn't necessarily about outright malicious apps so much as legitimate apps taking liberties or installing with capabilities users wouldn't expect to exist.
Pre-Installed Utility Renders HP Computers Vulnerable to Attacks
A security researcher discovered multiple vulnerabilities in HP Support Assistant, a utility pre-installed on all HP computers sold after October 2012. Pre-loaded on computers running Windows 7, Windows 8, and Windows 10, the tool was found to be impacted by ten vulnerabilities, including five local privilege escalation flaws, two arbitrary file deletion bugs, and three remote code execution bugs.
80% of all exposed Exchange servers still unpatched for critical flaw
Over 350,000 of the Microsoft Exchange servers currently exposed on the Internet haven't yet been patched against CVE-2020-0688, a post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions. This security flaw is present in the Exchange Control Panel (ECP) component, which is on by default, and it allows attackers to take over vulnerable Microsoft Exchange servers using any previously stolen valid email credentials.
- ...in 1954, international action film star Jackie Chan ("Rumble in the Bronx", "Rush Hour") is born in Hong Kong.
- ...in 1964, IBM announces the System/360, the first mainframe computer system designed to cover the full range of scientific and commercial applications.
- ...in 1983, astronauts Story Musgrave and Don Peterson make the first Space Shuttle spacewalk on Challenger's maiden voyage.
- ...in 2001, the Mars Odyssey orbiter is launched. It will go on to become the longest-serving spacecraft at Mars, with a mission duration of 19 years and counting.