
IT Security Newsletter - 5/5/2020



GoDaddy notifies users of breached hosting accounts

GoDaddy notified some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. The security incident took place on October 19, 2019, after the company's security team discovered suspicious activity on a subset of GoDaddy's servers. GoDaddy is the world's largest domain registrar and a web hosting company that provides services to roughly 19 million customers around the world. READ MORE...

Software Updates

Android's May 2020 Patches Fix Critical System Vulnerability

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component. A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 were addressed with the 2020-05-05 security patch level. READ MORE...


LockBit ransomware self-spreads to quickly encrypt 225 systems

A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours. Started in September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS) where the developers are in charge of the payment site and development and 'affiliates' sign up to distribute the ransomware. READ MORE...

Information Security

Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride, much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder for communicating with aircraft. READ MORE...


Hackers seize on software flaw to breach two victims, despite patch availability

Days after researchers warned of critical vulnerabilities in popular data-management software, hackers have exploited the flaws to breach two organizations that rely on the technology. LineageOS, a free Android-based operating system, and Ghost, a nonprofit behind widely used blogging software, reported Sunday that unidentified hackers had breached their infrastructure in apparently separate incidents. READ MORE...

PoC Exploit Released for DoS Vulnerability in OpenSSL

A proof-of-concept (PoC) exploit has been made public for a recently patched vulnerability in OpenSSL that can be exploited for denial-of-service (DoS) attacks. OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by a high-severity vulnerability that has been described as a segmentation fault in the SSL_check_chain function. The flaw, tracked as CVE-2020-1967, was patched on April 21 with the release of OpenSSL 1.1.1g. READ MORE...

Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap

A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. Researcher Mordechai Guri from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel has shown that a piece of malware can cause a device's power supply unit to generate sounds that can be picked up by a nearby receiver. READ MORE...

On This Date

  • ...in 1816, John Keats' first published poem, "O Solitude", appears in The London Examiner.
  • ...in 1904, Cy Young throws a perfect game against the Philadelphia Athletics in Boston, MA.
  • ...in 1943, comedic actor Michael Palin from "Monty Python's Flying Circus" is born in Sheffield, England.
  • ...in 1961, Alan Shepard becomes the first American in space when his Freedom 7 craft achieves Earth orbit.