IT Security Newsletter

IT Security Newsletter - 7/27/2020

Written by Cadre | Mon, Jul 27, 2020

Hackers actively exploit high-severity networking vulnerabilities

Hackers are actively exploiting two unrelated high-severity vulnerabilities that allow unauthenticated access or even a complete takeover of networks run by Fortune 500 companies and government organizations. The most serious exploits are targeting a critical vulnerability in F5's Big-IP advanced delivery controller, a device that's typically placed between a perimeter firewall and a Web application to handle load balancing and other tasks. READ MORE...

Dave data breach affects 7.5 million users, leaked on hacker forum

Overdraft protection and cash advance service Dave has suffered a data breach after a database containing 7.5 million user records was sold in an auction and then released later for free on hacker forums. Dave is a fintech company that allows users to link their bank accounts and receive cash advances for upcoming bills to avoid overdraft fees. Subscribers who need extra money to pay a bill can get a payday loan up to $100, but cannot receive another loan until it is repaid. READ MORE...

Source code from dozens of companies leaked online

Source code from exposed repositories of dozens of companies across various fields of activity (tech, finance, retail, food, eCommerce, manufacturing) is publicly available as a result of misconfigurations in their infrastructure. A public repository of leaked code includes big names like Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, Hisilicon (owned by Huawei), Mediatek, GE Appliances, Nintendo, Roblox, Disney, Johnson Controls, and the list keeps growing. READ MORE...

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by attackers in the wild. For the moment, it seems that it is being used just to read LUA source files, but it can be used to view files that may contain information such as WebVPN configuration, bookmarks, web cookies, partial web content, and HTTP URLs. READ MORE...

Cerberus Android malware source code offered for sale for $100,000

The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money. The price includes everything from source code to customer list along with installation guide and the scripts to make components work together. For at least one year, the group behind Cerberus advertised their business and rented the malicious bot for up to $12,000 per year. READ MORE...

FBI Issues Alert on Use of Chinese Tax Software

The Federal Bureau of Investigation has issued an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software. In late June, security researchers at Trustwave published a report on a piece of malware that was dropped into the environment of an organization doing businesses in China through tax software that is mandatory in the country. READ MORE...

Email Security Features Fail to Prevent Phishable 'From' Addresses

Three standards for email security that are supposed to verify the source of a message have critical implementation differences that could allow attackers to send emails from one domain and have them verified as sent from a different - more legitimate-seeming - domain, says a research team who will present their findings at the virtual Black Hat conference next month. Researchers have discovered 18 different ways of fooling the triumvirate of email technologies for a subset of email services. READ MORE...

  • ...in 1921, at the University of Toronto, scientists Frederick Banting and Charles Best successfully isolate insulin for the first time.
  • ...in 1940, Bugs Bunny first appears on the silver screen in "A Wild Hare."
  • ...in 1949, the world's first jet-propelled airliner, the British De Havilland Comet, makes its maiden test-flight in England.
  • ...in 1953, the United States, the People's Republic of China, North Korea, and South Korea agree to an armistice, bringing the Korean War to an end.