IT Security Newsletter - 6/26/2020
Chinese bank requires foreign firm to install app with covert backdoor
A large, multinational technology company got a nasty surprise recently as it was expanding its operations to China. The software a local bank required the company to install so it could pay local taxes contained an advanced backdoor. The cautionary tale, detailed in a report published Thursday, said the software package worked as advertised. Behind the scenes, it also installed a separate program that covertly allowed its creators to remotely execute commands or software of their choice on the infected computer. READ MORE...
Krebs on Security: New Charges, Sentencing in Satori IoT Botnet Conspiracy
The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy. READ MORE...
Hackers hide credit card stealing scripts in favicon EXIF data
Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon image to evade detection. A common attack used to steal credit cards is to hack the website and inject malicious JavaScript scripts that steal submitted payment information when a customer makes a purchase. READ MORE...
Golang Worm Widens Scope to Windows, Adds Payload Capacity
A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware, researchers said. The malware itself was first uncovered about a year ago, and is a loader that spreads as a worm READ MORE...
Find a PlayStation 4 vulnerability and earn over $50,000
Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network? If so, you could be heading towards a sizeable sum of money. That's because Sony announced details of a new bug bounty program that it is running in co-ordination with vulnerability-reporting platform HackerOne. Sony is inviting security researchers, gamers and anyone else who is interested to "test the security of PlayStation 4 and PlayStation Network." READ MORE...
- ...in 1906, the first Grand Prix motor race is held at Le Mans.
- ...in 1948, Shirley Jackson's short story "The Lottery" is first published in The New Yorker magazine.
- ...in 1948, the Berlin airlift begins, in response to the Soviet Union's blockade of supply routes into West Berlin.
- ...in 1963, President Kennedy gives his famous "Ich bin ein Berliner" speech in support of democratic West Germany.