IT Security Newsletter

IT Security Newsletter - 8/4/2020

Written by Cadre | Tue, Aug 4, 2020

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns

On Monday the U.S. government publicly released information exposing malware used in Chinese government hacking efforts for more than a decade. According to a joint announcement from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Department of Defense, and the FBI, the Chinese government has been using the malware, referred to as Taidoor, to target government agencies, private-sector entities, and think tanks since 2008. READ MORE...

FBI sees surge in online shopping scams, FTC says most reports ever

The U.S. Federal Bureau of Investigation (FBI) today warned of an increased number of reports coming from victims of online shopping scams. The public service announcement, published on the agency's Internet Crime Complaint Center (IC3), says that the scam victims report that they found the scammers' websites either via direct searches on popular web search engines or through social media ads. READ MORE...

Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw

Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. While some of these models are outdated, other vulnerable models were released just three years ago, prompting security experts to question the support timeframe Netgear has chosen for its own products. The vulnerability allows a network-adjacent attacker to execute code on an affected router without authenticating. READ MORE...

GandCrab ransomware hacker arrested in Belarus

Law enforcement in Belarus has announced the arrest of a 31-year-old man who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018. He apparently demanded payments ranging from $400 to $1500 in Bitcoin. Unlike more targeted attacks where crooks break into networks first and directly infect them with ransomware later, the unnamed suspect is said to have gone after victims by the more traditional route of spamming out booby-trapped emails across the globe. READ MORE...

Analysis of 92 billion rejected emails uncovers threat actors' motivations

Two main trends ran throughout the analysis: attackers' desire for monetary gain and a continued reliance on COVID-19-related campaigns, especially within certain vertical industries. One of the most significant observations was that threat actors are launching opportunistic and malware-based campaigns across multiple verticals at alarming volumes. The report also forecasts which types of attacks will likely spike in the next six months. READ MORE...

Legacy Programming Languages Pose Serious Risks to Industrial Robots

Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines. They have developed a worm to demonstrate the severity of their findings. The researchers analyzed programming languages from ABB, Comau, Denso, Fanuc, Kawasaki, Kuka, Mitsubishi, and Universal Robots. READ MORE...

Newsletter plugin bugs let hackers inject backdoors on 300K sites

Owners of WordPress sites who use the Newsletter plugin are advised to update their installations to block attacks exploiting a now-fixed vulnerability that allowed hackers to inject backdoors, create rogue admins, and potentially take over their websites. The vulnerability was found in the Newsletter WordPress plugin, which provides the tools needed to create responsive newsletter and email marketing campaigns on WordPress blogs using a visual composer. READ MORE...

Meetup vulnerabilities enabled group takeovers, payment redirections

Two high-risk vulnerabilities in Meetup, a popular online service used to create groups that host local in-person events, allowed attackers to easily take over any Meetup group, access all group functions and assets, and redirect all Meetup payments and financial transactions to their own PayPal account (some Meetup events are free, but some are not). What's more, attackers could build a worm that took over every group on the site, including private ones, and performed all of the above at scale. READ MORE...

Ransomware Feared as Possible Saboteur for November Election

Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn't just from foreign governments, but any fortune-seeking criminal. Ransomware attacks targeting state and local governments have been on the rise, with cyber criminals seeking quick money by seizing data and holding it hostage until they get paid. READ MORE...

Hackers Could Target Organizations via Flaws in Mitsubishi Factory Automation Products

High-severity vulnerabilities found by researchers in Mitsubishi Electric factory automation products can be exploited to remotely attack organizations. According to advisories published last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), dozens of factory automation products from Mitsubishi Electric are affected by three flaws that can be exploited for privilege escalation, arbitrary code execution, and denial of service. READ MORE...

  • ...in 1914, President Woodrow Wilson and the U.S. declare neutrality in World War I.
  • ...in 1953, President Dwight D. Eisenhower warns U.S. Governors that the U.S. could be drawn into a war in Vietnam.
  • ...in 2007, NASA launches the Phoenix Mars probe to investigate the Martian surface for evidence of water and microbial life.
  • ...in 2011, Paul McCartney performs a live concert at Great American Ball Park in Cincinnati, Ohio.