IT Security Newsletter - 6/17/2020
Multiple "CIA failures" led to theft of agency's top-secret hacking tools
In early 2017, WikiLeaks began publishing details of top-secret CIA hacking tools that researchers soon confirmed were part of a large tranche of confidential documents stolen from one of the agency's isolated, high-security networks. The leak-comprising as much as 34 terabytes of information and representing the CIA's biggest data loss in history-was the result of "woefully lax" practices, according to portions of a report that were published on Tuesday. READ MORE...
Hosting Provider Hit With Largest-Ever DDoS Attack
Attackers leveled the largest distributed denial-of-service attack to date against a specific website hosted by a large service provider in early June, topping a bandwidth of 1.44 terabits per second and 385 million packets-per-second. Internet infrastructure firm Akamai, which revealed the attack today, said a second attack topped 500 megabits-per-second and targeted a different site at the same provider. READ MORE...
'Ripple20' Bugs Impact Hundreds of Millions of Connected Devices
A series of 19 different vulnerabilities, four of them critical, are affecting hundreds of millions of internet of things (IoT) and industrial-control devices. The issue is based in the supply chain and code reuse, with the bugs affecting a TCP/IP software library developed by Treck that many manufacturers use. Researchers at JSOF uncovered the faulty part of Treck's code in the devices of more than 10 different manufacturers-and it's likely present in dozens more. READ MORE...
'Anonymous' takes down Atlanta Police Dept. site after police shooting
Following Friday's fatal police shooting of Rayshard Brooks - a 27-year-old Black man who fell asleep in a fast-food drive-in lane in Atlanta and was shot while running from police who tried to tase him - hackers affiliating themselves with the Anonymous hacktivist collective may have briefly taken down the website for the city's police department. According to the Atlanta Journal-Constitution, the APD's site was down for about 3 hours on Sunday morning. READ MORE...
Adobe fixes critical flaws in Illustrator, After Effects, more
Adobe has released out-of-band security updates to address 18 critical flaws that could allow attackers to execute arbitrary code on systems running vulnerable versions of Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition on Windows and macOS devices. Adobe usually releases security updates for all its products on the second Tuesday of every month, known as Patch Tuesday. READ MORE...
LinkedIn 'Job Offers' Targeted Aerospace, Military Firms With Malware
Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn's messaging service. Targets are sent phony job offers that include malicious documents designed to fetch data-exfiltrating malware. The spear-phishing messages were part of a widespread campaign, dubbed "Operation In(ter)ception," which targeted victims at European and Middle East aerospace and military companies. READ MORE...
No, that wasn't a DDoS attack, just a cellular outage
If Anonymous actually knows about a cyberattack that knocked telecommunications services throughout the U.S. offline Monday, then its members aren't saying much. A Twitter account claiming to be attached to the once formidable hacking group on Monday stated, without evidence, that the U.S. was enduring a distributed denial-of-service attack, perhaps from China. The tweets, sent by the @YourAnonCentral account to its 6.5 million followers, coincided with outages for T-Mobile customers in multiple cities. READ MORE...
Plex fixes Media Server bugs allowing full system takeover
Plex has patched and mitigated three vulnerabilities affecting Plex Media Server for Windows that could enable attackers to take full control of the underlying system when chained together. Plex Media Server is a desktop app and the backend server for the Plex media streaming service, designed for streaming movies, TV shows, music, and photo collections to over the Internet and on local area networks. READ MORE...
Unpatched bugs lets hackers add fake USB devices to remote desktop
An unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices. The flaw is identified as CVE-2020-9332 and resides in the bus driver for "USB for Remote Desktop" developed by FabulaTech. The company has an impressive customer list with high-profile organizations from a variety of sectors. READ MORE...
- ...in 1885, the Statue of Liberty arrives in New York Harbor.
- ...in 1898, Dutch artist M.C. Escher, known for his mathematically-inspired illustrations of "impossible" objects and architecture, is born in Leeuwarden, Netherlands.
- ...in 1901, the College Board introduces its first standardized test, the forerunner to the SAT.
- ...in 1948, former Cincinnati Reds shortstop (and key member of the Big Red Machine) Dave Concepcion is born in Ocumare de la Costa, Venezuela.