IT Security Newsletter - 7/10/2020

Written by Cadre | Fri, Jul 10, 2020

Zero-day flaw found in Zoom for Windows 7

A previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system, security researchers said Thursday. A hacker who successfully exploits the vulnerability could access files on the vulnerable computer, said Mitja Kolsek, chief executive of ACROS Security, the Slovenian cybersecurity firm that highlighted the issue.

Microsoft Warns on OAuth Attacks Against Cloud App Users

Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a password - using signed-in status on another, trusted service or website.

Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption

Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems (ICS). Honeywell Industrial Cybersecurity this week published its 2020 USB Threat Report. The report is based on data collected over a period of 12 months by the company's Secure Media Exchange (SMX) USB security platform from oil and gas, energy, chemical, food, shipping, building, aerospace, pulp and paper, and manufacturing companies.

More evil: A deep look at Evilnum and its toolset

ESET has analyzed the operations of Evilnum, the APT group behind the Evilnum malware previously seen in attacks against financial technology companies. While said malware has been seen in the wild since at least 2018 and documented previously, little has been published about the group behind it and how it operates. In this article we connect the dots and disclose a detailed picture of Evilnum's activities. The group's targets remain fintech companies, but its toolset and infrastructure have evolved.

USB storage devices: Convenient security nightmares

There's no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and loss all common occurrences.

Attackers are probing Citrix controllers and gateways through recently patched flaws

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk. At the time, there was no public attack code and no indication that any of the fixed flaws were getting actively exploited. On Thursday, though, SANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot.

Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks

A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server. OpenClinic GA is described as an "integrated hospital information management system covering management of administrative, financial, clinical, lab, x-ray, pharmacy, meals distribution and other data."

Popular home routers plagued by critical security flaws

A recent study of more than 100 consumer-grade routers from seven, mostly large vendors has found that nearly all tested routers are affected by scores of unpatched and often severe security flaws that leave the devices - and their users - at risk of cyberattacks. "[T]here is not a single device without known critical vulnerabilities," says the damning study, called Home Router Security Report 2020.

  • ...in 1850, Vice President Millard Fillmore is sworn in as the 13th president of the United States, following the death of Zachary Taylor the previous day.
  • ...in 1940, Germany begins the first in a three-and-a-half month series of bombing raids against the UK, known as the Battle of Britain.
  • ...in 1943, the U.S. 7th Army, led by General Patton, begins the invasion of Sicily.
  • ...in 1989, Mel Blanc, the voice of Bugs Bunny, Daffy Duck, Foghorn Leghorn, and Yosemite Sam, passes away at the age of 81.