IT Security Newsletter - 7/9/2020
Microsoft neuters Office 365 account attacks that used clever ruse
Microsoft has neutered a large-scale fraud campaign that used knock-off domains and malicious apps to scam customers in 62 countries around the world. The software maker and cloud-service provider last week obtained a court order that allowed it to seize six domains, five of which contained the word "office." The company said attackers used them in a sophisticated campaign designed to trick CEOs and other high-ranking business leaders into wiring large sums of money to attackers rather than trusted parties. READ MORE...
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums - shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday - "From Exposure to Takeover" by the Digital Shadows Photon Research Team - found that 100,000 separate data breaches over a two-year period have yielded a 300 percent increase in stolen credentials. READ MORE...
Evilnum hackers use the same malware supplier as FIN6, Cobalt
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters for big fintech threat actors. The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms. READ MORE...
Joker Android malware keeps evading Google Play Store defenses
The threat actor behind the Joker Android malware has once again succeeded to successfully slip spyware infected apps onto the Play Store, Google's official Android app store. Android applications infected with Joker malware, a spyware and premium dialer tool also known as Bread and tracked since 2017, were originally designed to perform SMS fraud. More recently, Joker's creators have moved to new tactics after Google introduced new Play Store policies. READ MORE...
We found yet another phone with pre-installed malware via the Lifeline Assistance program
We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. This time, an ANS (American Network Solutions) UL40 running Android OS 7.1.1. After our writing back in January-"United States government-funded phones come pre-installed with unremovable malware"-we heard an outcry from Malwarebytes patrons. READ MORE...
Powerful Conti Ransomware Emerges
A new ransomware family packs multiple unique features, including to improve performance and give its operators the option to only target networked SMB shares, VMware-owned Carbon Black reveals. Dubbed Conti, the malware improves performance through the use of "up to 32 simultaneous encryption efforts," and is likely directly controlled by its operators, which means that it can target network-based resources and skip local files, similarly with what the Sodinokibi ransomware can do. READ MORE...
Mozilla turns off "Firefox Send" following malware abuse reports
What do you do when you need to send a file to someone you don't interact with a lot? Many of us use email attachments for small files, because it's quick and easy to share modest amounts of data that way. Sure, the attachment will probably lie around in the recipient's mailbox for days, or months, or even years, which might not be quite what you had in mind… READ MORE...
Advertising Plugin for WordPress Threatens Full Site Takeovers
The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin's author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued. READ MORE...
- ...in 1850, President Zachary Taylor dies of cholera.
- ...in 1877, the first Wimbledon tennis tournament begins.
- ...in 1941, British intelligence breaks the five-wheel Enigma key, allowing the Allies to intercept all secret German communications.
- ...in 1947, Army Nursing Corps superintendaent Florence Blanchfield is given the rank of Lt. Colonel, making her the US military's first female officer.