IT Security Newsletter

IT Security Newsletter - 9/26/2019

Written by Cadre | Thu, Sep 26, 2019

Magecart Group Targets Routers Behind Public Wi-Fi Networks

A faction of the Magecart threat group is testing code that targets routers used to provide free or paid Wi-Fi services in public spaces and hotels. If successful, attackers would be able to compromise these commercial-grade routers and siphon payment data of users joining Wi-Fi networks at airports, coffee shops, hotels and other public facilities.

Employees are mistakenly confident that they can spot phishing emails

While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group, more than a third (35%) didn’t take the basic step of changing their passwords following a breach.

Hackers are infecting WordPress sites via a defunct plug-in

If you’re a WordPress admin using a plug-in called Rich Reviews, you’ll want to uninstall it. Now. The now-defunct plug-in has a major vulnerability that allows malvertisers to infect sites running WordPress and redirect visitors to other sites. Rich Reviews is a WordPress plugin that lets sites manage reviews internally in WordPress, and also displays Google display reviews for a business underneath a search result.

‘Narrator’ Windows Utility Trojanized to Gain Full System Control

A suspected Chinese advanced persistent threat (APT) group has been spotted attacking tech companies using a trojanized screen-reader application, replacing the built-in Narrator “Ease of Access” feature in Windows. The attackers also deploy a version of the open-source malware known as the PcShare backdoor to gain an initial foothold into victims’ systems.

VMware Patches Critical Harbor Vulnerability

VMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container Registry for PCF. Harbor is an open source registry project for storing, signing and scanning container images for vulnerabilities. It integrates with Docker Hub, Docker Registry, Google Container Registry, and more, and allows users to easily download, upload, and scan images.