IT Security Newsletter - 7/20/2020
Twitter Hack Update: What We Know (and What We Don't)
Earlier this week, Twitter locked down thousands of verified accounts, including the accounts of Joe Biden, Bill Gates, Elon Musk, Apple, Uber and others, after it became clear that hackers had been able to compromise them. Twitter's internal investigation is ongoing, but the social-media giant did say that hackers had somehow compromised the company's internal systems and secured employee privileges. READ MORE...
Critical SIGred Windows DNS bug gets micropatch after PoCs released
The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license. SIGRed can be exploited in a wormable fashion, allowing an adversary to expand their attack to all affected systems on the network without user interaction. It received the tracking number CVE-2020-1350 and the maximum severity score, 10 out of 10. READ MORE...
Magento adds 2FA to protect against card skimming attacks
Adobe has added two-factor authentication (2FA) throughout the Magento platform in response to the widespread number of attacks where skimmer scripts are deployed on hacked e-commerce sites to steal customers' credit cards. "Using 2FA security will better protect you from malicious users attempting to perform unauthorized logins in three different areas: Magento[.]com accounts, Cloud Admin, and the Magento Admin," Adobe says. READ MORE...
There's a reason your inbox has more malicious spam-Emotet is back
Emotet, the world's most costly and destructive botnet, returned from a five-month hiatus on Friday with a blast of malicious spam aimed at spreading a backdoor that installs ransomware, bank-fraud trojans, and other nasty malware. The botnet sent a hefty 250,000 messages during the day, mostly to people in the United States and the United Kingdom, Sherrod DeGrippo, senior director of threat research and detection at security firm Proofpoint, told Ars. READ MORE...
More Fake Cryptocurrency Apps Deliver GMERA Malware to Mac Users
Security researchers at ESET have identified a new campaign targeting Mac users with trojanized cryptocurrency trading apps designed to deliver the GMERA malware. Previous attacks involving this malware family were observed leveraging malicious versions of the trading app Stockfolio, and security researchers also associated the GMERA Trojan with the activities of North Korean hackers. READ MORE...
BadPower: Fast chargers can be modified to damage mobile devices
If you needed another reason not to use a charger made available at a coffeeshop or airport or by an acquaintance, here it is: maliciously modified fast chargers may damage your phone, tablet or laptop and set it on fire. Researchers from Tencent's Xuanwu Lab have demonstrated how some fast chargers may be easily and quickly modified to deliver too much power at once and effectively "overwhelm" digital devices: READ MORE...
- ...in 1903, the Ford Motor Company ships its first automobile.
- ...in 1932, Korean-American artist Nam June Paik, creator of the "Metrobot" sculpture outside Cincinnati's Contemporary Arts Center, is born in Seoul, South Korea.
- ...in 1965, Bob Dylan releases "Like a Rolling Stone".
- ...in 1969, Apollo 11's crew successfully lands on the Moon; Neil Armstrong and Buzz Aldrin are the first humans to set foot on its surface.
- ...in 1977, Vietnam is admitted to the United Nations.