<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 5/22/2020

Top News

FBI offers US companies more details from investigations of health care hacking

The FBI has provided U.S. companies more information on the extent of recent criminal and foreign government-backed hacking operations against the health care sector and warned of ongoing efforts to steal U.S. research data. Criminal and state actors continue to target U.S. clinical trial data, trade secrets, and the "sensitive data and proprietary research of U.S. universities and research facilities," the FBI told industry in an advisory this week. READ MORE...


Israeli Websites Targeted in Major Cyber Attack

Many Israeli websites were hit by a coordinated cyber attack Thursday, with the home pages replaced by images of the country's commercial capital Tel Aviv in flames. Israel's National Cyber Directorate said private companies using a particular operating system were targeted, but said the damage was "superficial". It did not state the number of pages targeted but Israeli media reported it was more than 1,000, including those of major firms. READ MORE...

Breaches

Hacker shares 40 million Wishbone user records for free

A hacker has leaked 40 million Wishbone user records that contain a treasure trove of information that could be used to perform phishing campaigns, account takeovers, and credential stuffing attacks. BleepingComputer has been able to independently confirm that the data is legitimate as it contains user records for people we know have used the app and who have confirmed the accuracy of the data. READ MORE...


Data Breach Hits Florida Unemployment System

Some Florida residents who have made unemployment claims may have had personal data stolen, officials said Thursday. The Florida Department of Economic Opportunity has notified 98 people who were part of a data breach associated with unemployment claims, agency spokeswoman Paige Landrum said in an email. Officials didn't say when the breach occurred, how many people were affected or what information was taken. READ MORE...

Software Updates

Adobe "out of band" critical patch - get your update now!

Adobe just published a foursome of very tight-lipped security notifications about new patches. By new we mean that they've come out since Patch Tuesday's updates showed up last week. In other words, if you are in the habit of only patching monthly, this is one of those times you need to break that habit. In common parlance, unexpected updates to products that usually stick to a consistent pattern for publishing fixes are known as out-of-band patches, and that's what we have here. READ MORE...

Malware

Silent Night Banking Trojan Charges Top Dollar on the Underground

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware's author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range of any but large cybercriminal groups looking to mount mass campaigns. READ MORE...

Exploits/Vulnerabilities

Hackers tried to use Sophos Firewall zero-day to deploy Ransomware

Hackers tried to exploit a zero-day in the Sophos XG firewall to distribute ransomware to Windows machines but were blocked by a hotfix issued by Sophos. At the end of April, hackers utilized a zero-day SQL injection vulnerability that leads to remote code execution in Sophos XG firewalls. Attackers used this vulnerability to install various ELF binaries and scripts that are being named by Sophos as the Asnarök Trojan. READ MORE...


Critical Cisco Bug in Unified CCX Allows Remote Code Execution

Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco's Unified CCX software is touted as a "contact center in a box" that allows companies to deploy customer-care applications. The flaw (CVE-2020-3280), which has a CVSS score of 9.8 out of 10, stems from the Java Remote Management Interface of the product. READ MORE...

Science & Culture

Nvidia trained an AI to build a playable Pac-Man clone for... reasons

You may be familiar with the Infinite Monkey Theorem, the claim that thousands of monkeys could bang on thousands of typewriters and eventually produce a work of art equivalent to William Shakespeare. This week, Nvidia confirms that it has taken this theory quite seriously with its own twist: an army of AI routines trained to build a playable video game from scratch. More precisely, they've chosen one of the industry's biggest, most recognizable games: Pac-Man. READ MORE...

On This Date

  • ...in 1939, Italy and Germany sign the Pact of Steel, giving formal birth to WWII's Axis powers.
  • ...in 1977, Janet Guthrie becomes the first female driver to qualify for the Indianapolis 500.
  • ...in 1982, 8-time Olympic medalist speed skater Apolo Anton Ohno is born in Seattle, WA.
  • ...in 2003, golfer Annika Sorenstam becomes the first woman to play in a PGA tour event since Babe Didrikson 58 years earlier.