<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 6/18/2020

Breaches

IT giant Cognizant confirms data breach after ransomware attack

In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack. Cognizant is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue. As a managed service provider (MSP), Cognizant remotely manages many of its clients to fix issues, install patches, and monitor their security. READ MORE...

Hacking

To evade detection, hackers are requiring targets to complete CAPTCHAs

CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an attempt to thwart automated detection by good guys. READ MORE...


InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations in Ukraine and Russia. More recently, researchers have spotted the group attacking a few high-profile organizations in the military sector and diplomatic missions, both in Eastern Europe. READ MORE...

Malware

New Mac malware spreads disguised as Flash Player installer via Google search results

Security experts at Intego are warning Apple Mac users of a new in-the-wild malware threat, which masquerades as an installer for Adobe Flash Player. The malware, which Intego says appears to be a variant of OSX/Shlayer and OSX/Bundlore, was found hiding on webpages. Using the disguise of an Adobe Flash Player update is hardly new for malware, but what is more unusual is how the malware attempts to hide its activities from both the computer user and security software. READ MORE...

Exploits/Vulnerabilities

Massive spying on users of Google's Chrome shows new security weakness

A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google's market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry's failure to protect browsers as they are used more for email, payroll and other sensitive functions. Alphabet Inc's Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month. READ MORE...


Netgear moves to plug vulnerability in routers after researchers find zero-day

A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear - revealed this week by cybersecurity company GRIMM and Trend Micro's Zero Day Initiative (ZDI) - underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment. READ MORE...


Vulnerable platform used in power plants enables attackers to run malicious code on user browsers

Otorio's incident response team identified a high-score vulnerability in OSISoft's PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01). Installed in some of the world's largest critical infrastructure facilities, OSIsoft Software's PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves. READ MORE...

Encryption

End-to-end encryption will be offered to all Zoom users

Zoom Video Communications has decided to extend the benefits of end-to-end encryption (E2EE) not only to paying Zoom customers, but to those who create free accounts, as well. The decision was reached after much public outcry by privacy-minded users and privacy advocates. As famed cryptographer and privacy specialist Bruce Schneier noted, "we are learning - in so many areas - the power of continued public pressure to change corporate behavior." READ MORE...

On This Date

  • ...in 1812, the United States declares war on the United Kingdom, beginning the War of 1812.
  • ...in 1815, British and Prussian forces led by Wellington and Blucher defeat Napoleon Bonaparte's army at Waterloo.
  • ...in 1942, singer-songwriter Paul McCartney is born in Liverpool, England.
  • ...in 1983, astronaut Sally Ride becomes the first American woman in space, aboard the STS-7 mission.