
IT Security Newsletter


IT Security Newsletter - 8/29/2019


Google Play apps with 1.5 million downloads drained batteries and slowed devices

Researchers have discovered two Google Play apps with more than 1.5 million downloads engaging in a new form of click fraud that drained batteries, slowed performance, and increased mobile data usage on infected phones. The apps—a notepad app called "Idea Note: OCR Text Scanner, GTD, Color Notes" and a fitness app with the title "Beauty Fitness: daily workout, best HIIT coach"—carried out the stealthy form of fraud for almost a year until it was discovered by researchers at security firm Symantec. 

Dangerous Cryptomining Worm Racks Up 850K Infections, Self-Destructs

A French and U.S. law-enforcement effort has neutralized 850,000 infections by a cryptomining worm known as Retadup, by causing the threat to destroy itself. The worm has been distributing the malicious XMRig cryptocurrency miner to computers running the Windows operating system, mostly in Latin America. The general functionality of the mining payload is fairly standard, according to Avast, which led the research into the threat and assisted the authorities in the defense effort.

TrickBot Targets Verizon, T-Mobile, Sprint Users to Siphon PINs

The TrickBot malware, known previously for targeting U.S. banks, is now setting a bullseye on users of U.S.-based mobile carriers, including Verizon Wireless, T-Mobile and Sprint, to launch SIM swapping attacks. Researchers with Dell’s Secureworks research team warned that they have observed the malware leveraging a new module that manipulates web sessions for already-infected systems, in order to inject code into websites specifically for U.S. mobile carriers.


New Botnet Targets Android Set-Top Boxes

A newly discovered internet-of-things (IoT) botnet has been interfering with Android OS-based set-top boxes (STBs). Ares was uncovered by device cybersecurity company WootCloud, which named it for the Greek god of war – not after Athena, who represents military strategy and generalship and is the goddess of intelligence, but after Ares, who is associated with the untamed physical and violent aspects of warfare. Uh-oh. 


Defense Takeaways from Three Adversary Playbooks

In these days of advanced threats, the perimeter defense strategy – though still useful and necessary – is incomplete. IT security teams need as much information about existing threats as possible, so they know what to look for and how to position proactive countermeasures. Creating and using adversary playbooks that dive deep into current threats helps in this endeavor.

The Great, Big Ransomware Revival

Yesterday McAfee Labs released a report on the cyber-threat landscape during the first quarter of 2019. Researchers recorded a worrying 118% growth in new ransomware samples, along with innovative changes in the code and tactics used to execute it. While spear-phishing remained popular, the ransomware currently going through a resurgence increasingly targets exposed remote access points like Remote Desktop Protocol (RDP).


Video captures glitching Mississippi voting machines flipping votes

“It is not letting me vote for who I want to vote for,” a Mississippi voter said in a video that shows him repeatedly pushing a button on an electronic touch-screen voting machine that keeps switching his vote to another candidate. On Tuesday morning, the date of Mississippi’s Republican primary election for governor, the video was posted to Twitter.