<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/5/2020

SHARE

Top News

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users

The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps. "Location data can be extremely valuable and must be protected," an advisory published on Tuesday stated. READ MORE...

Hacking

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. Somebody compromised a Managing Director's email after they logged into a phishing portal via bogus email. Fake accounts set up during the transfer window to buy and sell players provided the required opening. They inserted themselves into the conversations with ease. READ MORE...

Software Updates

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities. According to Google, the most serious flaw patched this month is a high-severity issue in the Framework component that can be exploited by a remote attacker to execute arbitrary code in the context of an unprivileged process using a malicious file. READ MORE...

Malware

NetWalker Ransomware Rakes in $29M Since March

The NetWalker ransomware has been around for about a year, but it has really made a name for itself in 2020, racking up around $29 million in extortion gains just since March. First detected in August 2019, NetWalker lingered around before surging in use in March through June, according to an analysis from McAfee Advanced Threat Research (ATR). The uptick coincided with the implementation of a robust ransomware-as-a-service (RaaS) model, which has been attracting technically advanced criminal affiliates. READ MORE...


A Cyber 'Vigilante' is Sabotaging Emotet's Return

The banking trojan Emotet has returned after a five-month hiatus. But, in an amusing twist, one cyber vigilante is thwarting the malware's comeback. Researchers say a mysterious vigilante is fighting the threat actors behind the malware's comeback by replacing malicious Emotet payloads with whimsical GIFs and memes. "What our vigilante hero is doing is they're going around finding those WordPress installs where the Emotet payload has been hosted," Sherrod DeGrippo told Threatpost. READ MORE...

Information Security

Federal Program Offers New Cybersecurity Tool for Elections

State and local officials are receiving additional tools from the federal government to help defend the nation's election systems from cyberthreats ahead of the November vote, as intelligence officials continue to warn about foreign efforts to interfere in the U.S. election. Under a $2.2 million pilot program that began in March, the Department of Homeland Security's cybersecurity agency in partnership with the Center for Internet Security has been deploying software to election offices. READ MORE...

Exploits/Vulnerabilities

Hackers can abuse Microsoft Teams updater to install malware

Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. Previous efforts from Microsoft to eliminate this hazard work to an extent but cannot stop attackers from abusing Teams to plant and run their payloads. A patch for the new method is unlikely to emerge, as Microsoft labeled this a design flaw and a fix would have a negative impact on some customers' operations. READ MORE...


FBI: Networks exposed to attacks due to Windows 7 end of life

The U.S. Federal Bureau of Investigation (FBI) has warned private industry partners of increased security risks impacting computer network infrastructure because of devices still running Windows 7 after the operating system reached its end of life on January 14. "The FBI has observed cybercriminals targeting computer network infrastructure after an operating system achieves end of life status," the FBI said in a private industry notification (PIN) issued yesterday. READ MORE...


Vulnerabilities in Protocol Gateways Can Facilitate Attacks on Industrial Systems

Vulnerabilities found in protocol gateway devices can facilitate stealthy attacks on industrial systems, enabling threat actors to obtain valuable information and sabotage critical processes. Protocol gateways are small devices designed to ensure that various types of IT and OT devices can communicate with each other even if they use different protocols. READ MORE...

On This Date

  • ...in 1858, the first transatlantic telegraph cable is completed.
  • ...in 1884, the cornerstone for the Statue of Liberty is laid on the former Bedloe's Island (now Liberty Island) in New York Harbor.
  • ...in 1914, the first electric traffic signal lights are installed in Cleveland, Ohio.
  • ...in 1926, magician and escape artist Harry Houdini performs his greatest feat, apparently spending 91 minutes in a sealed underwater tank before escaping.