IT Security Newsletter - 5/27/2020
New Android vulnerability Strandhogg 2.0 exploits user trust
A Norwegian infosec firm discovered a new Android vulnerability, which they've dubbed Strandhogg 2.0. Security firm Promon says "Strandhogg" is an old Norse strategy for coastline raids and abductions, and today's vulnerability is the "evil twin" of a similar one discovered in 2019. The original Strandhogg used an Android feature called taskAffinity to hijack applications.
26 million LiveJournal accounts being shared on hacker forums
A database containing over 26 million unique LiveJournal user accounts, including plain text passwords, is being shared for free on multiple hacker forums. For some time, rumors have been circulating that LiveJournal was breached in 2014 and account credentials for 33 million users were stolen. Since approximately May 8th, 2020, links to a data dump allegedly containing 33,717,787 unique accounts have been circulating on various hacker forums.
Arbonne MLM data breach exposes user passwords, personal info
International multi-level marketing (MLM) firm Arbonne International exposed the personal information and credentials of thousands after its internal systems were breached by an unauthorized party last month. Arbonne is a privately held California-based company acquired by Groupe Rocher in 2018, with annual revenues of over $500 million and a network of more than 200,000 independent consultants from the United States, the United Kingdom, Canada, Australia, Poland, and New Zealand.
Federal officials have arrested another accused FIN7 hacker
A Ukrainian national was arrested last week in Seattle for his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States. According to court documents obtained by CyberScoop, Denys Iarmak has been charged with conspiracy to commit computer hacking, accessing a protected computer to commit fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft.
Silent Night: A New Malware-as-a-Service Banking Trojan Analyzed
Silent Night is a new, sophisticated and heavily obfuscated Zloader/Zbot, a ZeuS-derived banking trojan. In March 2020, both FireEye and IBM reported a malicious campaign targeting COVID-19 financial compensation schemes. FireEye called the malware payload 'SILENTNIGHT'; IBM described it as a ZeuS Sphinx/Terdot variant. Together they are right. Silent Night is a new ZeuS derivative, currently being offered under the malware-as-a-service (MaaS) model.
Turla APT Revamps One of Its Go-To Spy Tools
The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros) is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. "It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets," according to the firm.
Open source libraries a big source of application security flaws
How many vulnerabilities lurk inside the bazillions of open source libraries that today's developers happily borrow to build their applications? Predictably, the answer is a lot, at least according to application security company Veracode, which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries used by them.
- ...in 1897, Bram Stoker's vampire novel "Dracula" is published.
- ...in 1927, the last Model-T rolls off the assembly line.
- ...in 1937, San Francisco's Golden Gate Bridge opens.
- ...in 1941, the British Navy sinks the German battleship Bismarck.