IT Security Newsletter - 5/20/2020
Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices
Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device. The bugs allow Bluetooth Impersonation Attacks (BIAS) on everything from internet of things (IoT) gadgets to phones to laptops. READ MORE...
Ukraine Nabs Suspect in 773M Password 'Megabreach'
In January 2019, dozens of media outlets raised the alarm about a new "megabreach" involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled "the largest collection of stolen data in history." A subsequent review by KrebsOnSecurity quickly determined the data was years old and merely a compilation of credentials pilfered from mostly public data breaches. Earlier today, authorities in Ukraine said they'd apprehended a suspect in the case. READ MORE...
Microsoft warns of 'massive' phishing attack pushing legit RAT
Microsoft is warning of an ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool. In a series of tweets, the Microsoft Security Intelligence team outlines how this "massive campaign" is spreading the tool via malicious Excel attachments. The attack starts with emails pretending to be from the Johns Hopkins Center, which is sending an update on the number of Coronavirus-related deaths there are in the United States. READ MORE...
WordPress Malware Targets WooCommerce Stores
Researchers have spotted a piece of WordPress malware that allows cybercriminals to collect information from WooCommerce stores and helps them set up compromised websites for future skimming attacks. WooCommerce is a highly popular open-source eCommerce plugin for WordPress that allows site owners to easily set up their own online store. With more than 5 million installations, it is one of the biggest eCommerce platforms and is often targeted by cybercriminals for financial gain. READ MORE...
WolfRAT Android Malware Targets WhatsApp, Facebook Messenger
A new Android malware family has been discovered, which targets popular messaging apps like WhatsApp and Facebook Messenger to gather intelligence on Android victims. The malware, dubbed WolfRAT, is under active development, and was recently identified in campaigns targeting Thai users. Researchers assess with "high confidence" that the malware is operated by Wolf Research, a Germany-based spyware organization that develops and sells espionage-based malware to governments. READ MORE...
Researcher Finds Memory Corruption Vulnerabilities in Several Adobe Products
Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative (ZDI). Powell found the vulnerabilities in Character Animation, Premiere Rush, Premiere Pro, and Audition. READ MORE...
Malwarebytes: When the coronavirus infodemic strikes
Social media sites are stepping up their efforts in the war against misinformation… specifically, the coronavirus/COVID-19 infodemic. There's a seemingly endless stream of potentially dangerous misinformation flying around online related to the COVID-19 pandemic, and that could have fatal results. It's boomtown in fake-news land riding high on the wave of people being left with their tech devices 24/7. READ MORE...
- ...in 1873, Levi Strauss and Jacob Davis receive a patent for rugged work pants with riveted seams, better known today as Levi's 501 blue jeans.
- ...in 1899, Jacob German, operator of a taxicab for the Electric Vehicle Company, becomes the first driver to be arrested for speeding. He is driving 12 mph.
- ...in 1911, comics and sci-fi writer Gardner Fox, the creator of The Flash and the Justice League of America, is born in Brooklyn, NY.
- ...in 1927, Charles Lindbergh takes off in his custom-built plane, The Spirit of St. Louis, for the first-ever solo transatlantic flight