<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/20/2019



$11M Email Scam at Caterpillar Pinned to Nigerian Businessman

A Nigerian national that was on Forbes' list of the most promising entrepreneurs in Africa stands accused of business email compromise fraud that stole $11 million from one victim alone. Obinwanne Okeke is the founder of Invictus Group, involved in construction, agriculture, oil and gas, telecoms and real estate, according. In 2016, Forbes added him to its "Africa's 30 under 30" young business owners.

Twitter, Facebook Turn Off Hundreds of Accounts Linked to Chinese Disinformation about Hong Kong Protests

Twitter and Facebook officials said on Monday that they have shut down hundreds of accounts linked to the Chinese government and used to spread misinformation about pro-democracy protests in Hong Kong. In a statement, Twitter officials said they had identified 936 accounts that were coordinating attacks on the protest movement and its leaders.


Ransomware strike takes down 23 Texas local government agencies

Early on August 16, a total of 23 local government organizations in Texas were hit by a coordinated ransomware attack. The type of ransomware has not been revealed, and Texas officials asserted that no state networks were compromised in the attack. A spokesman for the Texas Department of Information Resources (TDIR) told Ars that authorities are not ready to reveal the names of the entities affected, nor other details of the attack.

Hackers Use Fake NordVPN Website to Deliver Banking Trojan

The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics. While previously they hacked legitimate websites to hijack download links infected with malware, the hackers are now creating website clones to deliver banking Trojans onto unsuspecting victims' computers.

Open Source-Based Ransomware Targets Fortnite Players

A new ransomware family specifically targeting users of the Fortnite game is based on the open source Hidden-Cry malware, Cyren’s security researchers have discovered. Fortnite is a highly popular game with a user base of over 250 million gamers worldwide, millions of which have recently attempted to qualify in the just-concluded Fortnite World Cup that had tens of millions of dollars in prizes.


VLC users urged to implement latest security update

VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to achieve code execution on victims’ machines. VLC is an extremely popular piece of software that started as an academic project. It’s free and open-source and is available for Windows, macOS, Linux, Android, Chrome OS, iOS, Apple TV, and Windows Phone. 


Facebook Adds Instagram to Data Abuse Bug Bounty Program

Facebook has announced an expansion to its bug bounty program covering third-party apps that abuse user data, to include the Instagram ecosystem. First launched in 2018 in response to the Cambridge Analytica scandal, the Data Abuse Bounty program works by “incentivizing anyone to report apps collecting user data and passing it off to malicious parties to be exploited.”

Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure.

Google Nest Security Cam Bugs Allow Device Takeover

Multiple vulnerabilities in Google’s Nest Cam IQ connected indoor security camera would allow an attacker on the same network to take over the device, execute code on it and/or take it offline. Nest Labs’ Cam IQ Indoor integrates security-enhanced Linux in Android, Google Assistant and facial recognition all into a compact security camera, according to Cisco Talos, whose Lilith Wyatt and Claudio Bozzato discovered the bugs.