IT Security Newsletter - 5/19/2020
Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials
A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. Researchers at Cofense Phishing Defense Center discovered the tactic, which leverages the OAuth2 framework and OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a rogue application.
Easyjet hacked: 9 million people's data accessed plus 2,200 folks' credit card details grabbed
Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people's details were accessed and more than 2,000 customers' credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by "a highly sophisticated source".
Taiwan suggests China's Winnti group is behind ransomware attack on state oil company
Taiwanese authorities have suggested that Chinese hackers were behind a ransomware attack against Taiwan's state oil company, an aggressive assault on one of the island nation's strategic assets. Data left behind in the attack, such as a configuration file and domain name, point to the involvement of a group known as Winnti, or something "closely related" to it, Taiwan's Ministry of Justice said in a statement Friday.
Ransomware Gang Arrested for Spreading Locky to Hospitals
A cybercriminal gang have been arrested for spreading the Locky ransomware among hospitals, among other crimes. In an operation spearheaded by Romania's law enforcement department, four people have been taken into custody after their houses were raided - three in Romania and one in neighboring Moldova. Prosecutors at the Directorate for Investigating Organized Crime and Terrorism (DIICOT) are charging the group with illegal operations with computer devices and programs.
Fake U.S. Dept of Treasury emails spread new Node.js malware
A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury. This new spam campaign, discovered by Abuse.ch, says that payment for a government contract was not paid due to incorrect banking information. The email then prompts the user to examine the document for any mistakes, as if they do not hear back, the money will be used for the government's Coronavirus disaster relief.
Graham Cluley: FBI warns hackers are planting card skimmers on online stores
ZDNet reports that the FBI has issued a "flash alert" warning that hackers are planting Magecart-style payment card-skimming code on Magento-powered online stores running an out-of-date plugin. According to the alert, cybercriminals were able to infect an unnamed US ecommerce website with JavaScript code that could steal payment card data and personal information entered by shoppers as they attempted to purchase items.
Krebs on Security: This Service Helps Malware Authors Fix Flaws in their Code
Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize control over already-hacked systems. Here's a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web's top cybercriminals.
Vishing explained: How voice phishing attacks scam victims
Vishing is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone. While that makes it sound like an old-fashioned scam, vishing attacks have high-tech elements: they involve automated voice simulation technology, for instance, or the scammer may use personal information about the victim harvested from earlier cyberattacks to put them at ease.
- ...in 1749, King George II of England grants the Ohio Company a charter of several hundred thousand acres of land around the forks of the Ohio River.
- ...in 1943, Roosevelt and Churchill set a date for D-Day: May 1, 1944. However, the invasion is delayed a month until June 6.
- ...in 1963, the New York Post Sunday Magazine publishes Dr. Martin Luther King Jr.'s "Letter from Birmingham Jail".
- ...in 1984, "Press Your Luck" contestant Michael Larson exploits a flaw in the game show's "random" prize board to win USD $110,000 in a single night.