
IT Security Newsletter - 9/4/2019

Breaches

Data of 90K Mastercard Priceless Specials Members Shared Online

A database containing sensitive information of about 90,000 German Mastercard "Priceless Specials" loyalty program members, shared online following a breach discovered on August 20, was added to data breach site Have I Been Pwned on September 1. The data was made available on the Internet after the breach, with customers' names, payment card numbers, partial credit card data, IP addresses, email addresses, phone numbers, gender, and dates of birth being included in the leaked info.

Malware

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by “intercepting network traffic before it is rendered by a victim’s browser.” As you may recall, TrickBot, a well-known banking Trojan we detect as Trojan.TrickBot, was born from the same threat actors behind Dyreza, the credential-stealing malware our own researcher hasherezade dissected back in 2015.

Hacking

New Toolkit Pushes Malware via Fake Program Update Alerts in 30 Languages

A new social engineering toolkit called Domen has been discovered that uses fake browser and program update alerts on compromised sites to infect users with malware and remote access software. Attackers using fake browser and Flash Player update alerts to spread malware is nothing new [1, 2, 3], but this new toolkit discovered by Malwarebytes researcher Jérôme Segura has a high level of sophistication and customization that allows it to adapt to different clients, browsers, and visitors.


WordPress Plugins Anchor Widespread Malvertising, Rogue Backdoor Campaign

A malvertising campaign redirecting website visitors and surfacing popups is plaguing the WordPress ecosystem, according to researchers, using known vulnerabilities in WordPress plugins as the attack vector. The campaign has been ongoing all summer, with cybercrooks bent on redirecting website visitors to malware and fraud sites, according to researchers at Wordfence; they’re targeting vulnerable websites with outdated WordPress plugin versions to inject malicious JavaScript into the front ends to perform the redirects.

Info Security

Krebs on Security: Spam in Your Calendar? Here’s What to Do.

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Here’s a brief primer on what you can do about it.


QR codes need security revamp, says creator

Museums use them to bring their paintings to life. Restaurants put them on tables to help customers pay their bills quickly. Tesco even deployed them in subway stations to help create virtual stores. QR codes have been around since 1994, but their creator is worried. They need a security update, he says. Engineer Masahiro Hara dreamed up the matrix-style barcode design for use in Japanese automobile manufacturing, but, as many technologies do, it took off as people began using it in ways he hadn’t imagined.

Software

Firefox now blocks third-party tracking cookies, cryptomining scripts by default

It took a lot of testing and tweaking, but Mozilla’s Firefox browser is finally being delivered with Enhanced Tracking Protection and a web-based cryptomining blocking feature on by default. Enhanced Tracking Protection (ETP) was turned on by default in June, but only for users who downloaded and installed Firefox for the first time.

Exploits

Earn $2.5 million if you find a remote zero-day exploit for Android

Vulnerability broker Zerodium says it is now offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. Zerodium is not offering the considerable reward because it wants to make the Android operating system a safer environment. Instead, it believes it can make a handsome profit by selling such an exploit to the likes of intelligence agencies and law enforcement bodies.