<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 5/15/2020

Breaches

Hacker selling 550 million stolen user records on hacking forum

A threat actor is selling twenty-nine databases on a hacker forum that allegedly contains a combined total of 550 million stolen user records. The actor began selling these databases on May 7th, when they posted them on a well-known hacker where threat actors can buy each one individually. According to cyber intelligence firm Cyble, none of these data breaches appear to be new, with the oldest being from 2012 and the latest from last month. READ MORE...

Hacking

The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet

Hutchins had saved the internet from what was, at the time, the worst cyberattack in history: a piece of malware called WannaCry. Just as that self-propagating software had begun exploding across the planet, destroying data on hundreds of thousands of computers, it was Hutchins who had found and triggered the secret kill switch contained in its code, neutering WannaCry's global threat immediately. Then he was arrested by the FBI. This is his untold story. READ MORE...

Malware

New software enables existing sensors to detect ransomware

Engineers from SMU's Darwin Deason Institute for Cybersecurity have developed software to detect ransomware attacks before attackers can inflict catastrophic damage. Ransomware is crippling cities and businesses all over the world, and the number of ransomware attacks have increased since the start of the coronavirus pandemic. Attackers are also threatening to publicly release sensitive data if ransom isn't paid. READ MORE...


Innovative Spy Trojan Targets European Diplomatic Targets

A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan (RAT). The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa application harbors code that acts as a first-stage dropper. READ MORE...

Information Security

Microsoft opens up coronavirus threat data to the public

Microsoft is making the threat intelligence it's collected on coronavirus-related hacking campaigns public, the company announced Thursday. "As a security intelligence community, we are stronger when we share information that offers a more complete view of attackers' shifting techniques," the Microsoft Threat Intelligence team said in a blog post. "This more complete view enables us all to be more proactive in protecting, detecting, and defending against attacks." READ MORE...

Exploits/Vulnerabilities

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

When work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff. Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misconfigurations that set them up to be targeted by malicious threat actors? READ MORE...


Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass

Cisco Systems and Palo Alto Networks have fixed similar high-risk authentication bypass vulnerabilities in their network security devices that were caused by an oversight in the implementation of the Kerberos protocol. Man-in-the-middle (MitM) attackers could exploit these weaknesses to get administrative control over the appliances. Researchers from security firm Silverfort discovered both vulnerabilities, which are similar and could potentially exist in other Kerberos implementations. READ MORE...

On This Date

  • ...in 1800, President John Adams moves the federal government from its original home in Philadelphia, to the nation's new capital in Washington, D.C.
  • ...in 1942, a bill establishing the Women's Auxiliary Army Corps (WAACs) becomes law, and granting women official military status in the US Army.
  • ...in 1963, astronaut Gordon Cooper becomes the first American to spend more than 24 hours in space, during the Mercury-Atlas 9 mission.
  • ...in 1973, California Angels pitcher Nolan Ryan strikes out 12 Kansas City Royals and walks three to pitch the first no-hitter of his career.