IT Security Newsletter

IT Security Newsletter - 9/25/2019

Written by Cadre | Wed, Sep 25, 2019

Russian hackers go after diplomatic targets in Eastern Europe and Central Asia

After adapting their code, a group of Russian-government-linked hackers last month launched a phishing campaign against embassies and foreign affairs ministries of countries in Eastern Europe and Central Asia, researchers said Tuesday. The hackers, dubbed Sednit by Slovakian cybersecurity company ESET, haven’t been too discreet in their attempts to breach the diplomatic organizations.

Inside the campaign that tried to compromise Tibetans’ iOS and Android phones

Attackers from a group dubbed Poison Carp used one-click exploits and convincing social engineering to target iOS and Android phones belonging to Tibetan groups in a six-month campaign, researchers said. The attacks used mobile platforms to achieve a major escalation of the decade-long espionage hacks threatening the embattled religious community, researchers said. The report was published on Tuesday by Citizen Lab, a group at the University of Toronto's Munk School that researches hacks on activists, ethnic groups, and others.

Fake Employment Site Created to Target Veterans With Malware

A fake web site pretending to be an organization that offers job opportunities for U.S. veterans is distributing malware that lets the attackers gain full control over a victim's computer. Researchers from the Cisco Talos Group have found a web site that pretends to be the organization called HMH, or Hire Military Heroes, and offers a desktop application that veterans can use for job opportunities.

CafePress finally warns customers that it was hacked

Online merchandise retailer CafePress, used by millions of people to host an online store where they can sell custom-designed t-shirts, mugs, stickers, and more, has finally informed its customers that its systems were hacked and their personal details stolen. 23,205,290 unique email addresses are thought to have been stolen by hackers from CafePress’s systems, alongside passwords weakly stored as base64-encoded SHA-1 hashes.

Magecart web skimming group targets public hotspots and mobile users

One of the web skimming groups that operate under the Magecart umbrella has been testing the injection of payment card stealing code into websites through commercial routers like those used in hotels and airports. The group has also targeted an open-source JavaScript library called Swiper that is used by mobile websites and apps.

Hacker Releases Exploit for vBulletin Zero-Day Vulnerability

A hacker has released an exploit for an unpatched remote command execution vulnerability affecting the vBulletin forum software. A proof-of-concept (PoC) exploit for the zero-day was published on the Full Disclosure mailing list by an individual who wanted to remain anonymous. It’s unclear why they have decided to release the information before vBulletin developers could create a patch.

Adobe Fixes Critical Security Vulnerabilities in ColdFusion

Adobe released security updates for three vulnerabilities in ColdFusion. Two of these vulnerabilities are rated as Critical as they allow code execution and can bypass access controls. The other is labeled critical as it allows information disclosure. The more critical issue is the code execution vulnerability, as it could potentially allow for the takeover of a server. To resolve these vulnerabilities, Adobe suggests that users update to ColdFusion 2018 Update 5 and ColdFusion 2016 Update 12.