
IT Security Newsletter - 5/11/2020

Top News

Thunderspy: More Thunderbolt Flaws Expose Millions of Computers to Attacks

A researcher has disclosed the details of a new attack method that targets devices with a Thunderbolt port, allowing malicious actors to access a protected computer through an evil maid attack in under 5 minutes. The new attack method, dubbed Thunderspy, was discovered by Björn Ruytenberg of the Eindhoven University of Technology in the Netherlands.

Breaches

Hacker group floods dark web with data stolen from 11 companies

A hacking group has started to flood a dark web hacking marketplace with databases containing a combined total of 73.2 million user records from 11 different companies. For the past week, a hacking group known as Shiny Hunters has been busy selling a steady stream of user databases from alleged data breaches. It started last weekend with Tokopedia, Indonesia's largest online store, where a database of over 90 million user records was being sold.


Hackers Breach 3.5 Million MobiFriends Dating App Credentials

The credentials of 3.5 million users of MobiFriends, a popular dating app, have surfaced on a prominent deep web hacking forum, according to researchers. MobiFriends is an online service and Android app designed to help users worldwide meet new people online. The Barcelona-based developer of MobiFriends, MobiFriends Solutions, has not commented on the leak.

Hacking

DocuSign Phishing Campaign Uses COVID-19 as Bait

DocuSign users on Office 365 are the target of a new phishing campaign that features COVID-19 as a lure to convince them to offer up their credentials in return for pandemic information. According to researchers at Abnormal Security, 50,000 to 60,000 DocuSign users have received the phishing email, which purports to be an automated message from DocuSign carrying a link to a COVID-related document.

Trends

Attacks against internet-exposed RDP servers surging during COVID-19 pandemic

The rush to enable employees to work from home in response to the COVID-19 pandemic resulted in more than 1.5 million new Remote Desktop Protocol (RDP) servers being exposed to the internet. The number of attacks targeting open RDP ports in the US more than tripled in March and April. The RDP protocol is a frequent target for credential stuffing and other brute-force password guessing attacks.

Malware

North Korean hackers infect real 2FA app to compromise Macs

Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. Dacls has been used to target Windows and Linux platforms, and the recently discovered RAT variant for macOS borrows much of its functionality and code from them.


Sodinokibi ransomware can now encrypt open and locked files

The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim's files, even those that are opened and locked by another process. Some applications, such as database or mail servers, will lock files that they have open so that other programs cannot modify them. These file locks prevent the data from being corrupted by two processes writing to a file at the same time.


Graham Cluley: Could this be the world's most harmless IoT botnet?

When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites. What they probably never expect is to stumble across an entire botnet secretly operating under the radar of security firms for years, with the sole purpose of downloading Japanese anime videos.

Exploits/Vulnerabilities

Have you updated SaltStack Salt? Attacks are underway!

Have you updated your SaltStack Salt "masters" and made them inaccessible over the internet - or at least restricted access to them? Even though F-Secure researchers declined to publish PoC exploit code for two critical Salt flaws they recently discovered and privately disclosed, it didn't take long for others to do it and for attackers to try to exploit them.

On This Date

  • ...in 1858, Minnesota is admitted as the 32nd state.
  • ...in 1904, Spanish surrealist painter Salvador Dali ("The Persistence of Memory", "The Temptation of St. Anthony") is born in Catalonia.
  • ...in 1946, scientist Robert Jarvik, the designer of the revolutionary Jarvik-7 artificial heart, is born in Midland, MI.
  • ...in 1997, IBM's supercomputer Deep Blue makes chess history by defeating grandmaster Garry Kasparov in a six-game match.