IT Security Newsletter

IT Security Newsletter - 6/4/2020

Written by Cadre | Thu, Jun 4, 2020

Office 365 users: Beware of fake company emails delivering a new VPN configuration

Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access." READ MORE...

Nuclear missile contractor hacked in Maze ransomware attack

The US is protected by what's known as a nuclear triad: a three-pronged attack force that consists of land-launched nuclear missiles, nuclear missiles on submarines, and aircraft equipped with nuclear bombs and missiles. One of the triad's legs - the land-based LGM-30 Minuteman intercontinental ballistic missile (ICBM) - has been kicked by hackers who've inflicted Maze ransomware on the computer network of a Northrop Grumman contractor. READ MORE...

Coincheck cryptocurrency exchange targeted by hackers, customer emails exposed

Japanese cryptocurrency exchange Coincheck has announced that earlier this week hackers managed to access some emails sent to the firm by its customers. Reading the press announcement (with a little help from Google Translate), it appears an attacker accessed the DNS records for the coincheck[.]com domain at the firm's third-party domain registrar, and was able to change the records to forward incoming emails to the hackers. READ MORE...

ZLoader-Laced Emails Masquerade As CVs From Job-Seekers

Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers - but actually spreads banking credential-stealing malware. Researchers recently uncovered emails that distributed malicious files masquerading as resumes and CVs. The files, attached in Microsoft Excel format, were sent via email with subject lines such as: "applying for a job" or "regarding job." READ MORE...

Denial of service attacks against advocacy groups skyrocket

Distributed denial-of-service attacks against advocacy organizations increased by 1,120% since a Minneapolis police officer killed George Floyd by kneeling on his neck, sparking demonstrations throughout the U.S. In figures published Tuesday, the internet security firm Cloudflare said it blocked more than 135 billion malicious web requests against advocacy sites, compared to less than 30 million blocked requests against U.S. government websites, such as police and military organizations. READ MORE...

Zoom has partially fixed two new flaws, with other security hurdles ahead

Cisco Talos researchers recently uncovered two new flaws in Zoom that could allow attackers to execute arbitrary code on users' computers, according to research published Wednesday. Zoom has partially fixed the vulnerabilities, according to Cisco Talos. The cybersecurity company said it worked with Zoom on addressing the flaws. It's the latest set of security bugs discovered in Zoom, a teleconferencing company whose software has come under heightened scrutiny in recent months. READ MORE...

Netwalker ransomware continues assault on US colleges, hits UCSF

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers. UCSF is a research university located in San Francisco, California, and is entirely focused on health sciences. According to the U.S. News & World Report's college rankings, UCSF ranks #2 in medical schools for research and #6 in best medical schools for primary care. READ MORE...

Researchers Dive Into Evolution of Malicious Excel 4.0 Macros

For more than five months, Lastline security researchers have tracked the evolution of malicious Excel 4.0 (XL4) macros, observing the fast pace at which malware authors change them to stay ahead of security tools. A central part of many organizations' productivity tools, Excel opens the door for phishing attacks where victims are tricked into enabling macros in malicious documents, which can result in the attackers gaining a foothold on the network, in preparation for additional activities. READ MORE...

Bruteforce malware probes login for popular web platforms

An aggressive tool hitting a sizable number of popular web services and platforms is trying to bruteforce its way in with login combinations obtained from parsing metadata from the target. The malware looks for various systems for managing content, databases, and file transfers as well as backup files and administrator login paths. In an analysis published today, Akamai Security Researcher Larry Cashdollar provides technical details on a piece of malware that is similar to Stealthworker. READ MORE...

Sophisticated Info-Stealer Targets Air-Gapped Devices via USB

The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices. Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes) has been targeting governments in Southeast Asia since 2013, according to analysis from Kaspersky, and has been steadily adding more sophisticated tools over time. In the case of USBCulprit, it has been deployed against targets in Vietnam, Thailand and Laos, according to the firm. READ MORE...

  • ...in 1896, Henry Ford completes the Ford Quadricycle, the very first internal-combustion powered automobile.
  • ...in 1919, the 19th Amendment is passed by Congress, guaranteeing women's right to vote.
  • ...in 1942, the Battle of Midway begins on the western end of the Hawaiian archipelago.
  • ...in 1989, the Chinese army is sent in to break up the seven-week long Tiananmen Square demonstrations in Beijing, leaving at least 241 student activists confirmed dead.