IT Security Newsletter - 6/19/2020
Michigan man accused in 2014 hack of medical center, sale of data on 65,000 people
Federal agents have arrested a 29-year-old Michigan man for allegedly hacking into a medical center in 2014, stealing data on more than 65,000 people and then selling it on the dark web, the Department of Justice announced Thursday. A 43-count indictment charges Justin Sean Johnson with wire fraud, aggravated identity theft and conspiracy for the hack of a database at University of Pittsburgh Medical Center (UPMC), Pennsylvania's largest health care system. READ MORE...
Hijacked Oxford server used by hackers for Office 365 phishing
Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign designed to harvest Microsoft Office 365 credentials from targets. The attackers also made use of a domain hosted on an Adobe server and used by Samsung during 2018's Cyber Monday event. By leveraging these groups' reputations within the same campaign, the attacks had everything needed to bypass their victims' security and trick the victims themselves into handing over their Office 365 credentials. READ MORE...
Wells Fargo phishing baits customers with calendar invites
Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites. The phishing messages spotted by researchers at email security company Abnormal Security earlier this month have so far targeted over 15,000 Wells Fargo customers using .ics calendar file attachments containing events directing the recipients to phishing pages. READ MORE...
Drupal fixes three vulnerabilities, including one RCE
Drupal's security team has fixed three vulnerabilities in the popular content management system's core, one of which (CVE-2020-13663) could be exploited to achieve remote code execution. Drupal is a free and open-source web content management system (CMS), and over a million sites run on various versions of it. The most recent stable version is 9.x, released earlier this month. READ MORE...
How hackers used malicious Chrome extensions in a mass spying campaign
A sweeping set of surveillance campaigns has hit Google Chrome users, leading to nearly 33 million downloads of malicious software in the last three months, researchers at California-based Awake Security said Thursday. The researchers believe the unidentified hackers used Chrome extensions and other malicious tools - along with domains issued by a single registrar - to spy on computer users in sectors such as oil and gas, finance and health care. READ MORE...
Bundlore adware brings a new nest of risks to Mac users
A decade or so ago, many Mac users used to claim very confidently that anti-virus software would be wasted on them, "because Macs don't get malware." They'd admit that Mac malware was theoretically possible, but point out that because they'd never run into any problems themselves - problems that they knew of, anyway - and had never heard a fellow Mac user asking for help with a malware attack, they'd decided to ignore the issue of rogue software entirely. READ MORE...
IcedID Banker is Back, Adding Steganography, COVID-19 Theme
A new version of the IcedID banking trojan has debuted that notably embraces steganography - the practice of hiding code within images - in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims' web activity. Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the United States spreading the malware. READ MORE...
Most Contact-Tracing Apps Fail Basic Security
Government agencies and private organizations that are developing contact-tracing applications to help citizens keep informed about their potential risk of infection have failed to provide adequate protections against compromise and hacking, mobile-application security firm Guardsquare stated in a report published on Thursday. The company analyzed 17 Android applications, looking for six different types of security countermeasures. READ MORE...
Cisco Webex, Router Bugs Allow Code Execution
Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. Beyond Webex, the networking giant on Wednesday also patched a slew of bugs across several products, including its small business RV routers and TelePresence Collaboration Endpoint software. It's also investigating whether vulnerabilities affect other products. READ MORE...
- ...in 1865, the abolition of slavery is announced in Texas, two years after the Emancipation Proclamation. This day is still celebrated throughout the U.S. as Juneteenth.
- ...in 1910, the first Father's Day is celebrated in Spokane, Washington.
- ...in 1949, the first ever NASCAR race is held at Charlotte Motor Speedway.
- ...in 1978, Jim Davis's "Garfield", the world's most widely syndicated comic strip, makes its debut.