<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 9/9/19


GootKit Malware Bypasses Windows Defender by Setting Path Exclusions

As Windows Defender matures and becomes tightly integrated into Windows 10, malware writers are creating techniques to evade its detection. Such is the case with the GootKit banking Trojan, which use a UAC bypass and WMIC commands to exclude the malware executable from being scanned by Windows Defender Antivirus. GootKit is a banking Trojan that attempts to steal the online banking credentials of infected users through video capture and redirects to fake banking sites under the attacker's control. An interesting aspect of this infection is that it is a Node JS application packaged into an executable.


DDoS Attack Forces Wikipedia Offline

Wikipedia was forced offline in several countries over the weekend after a coordinated DDoS attack. A statement from the Wikimedia Foundation on Saturday claimed the company’s Site Reliability Engineering team was working flat out to stop the attack and restore services to customers. “As one of the world’s most popular sites, Wikipedia sometimes attracts ‘bad faith’ actors. Along with the rest of the web, we operate in an increasingly sophisticated and complex environment where threats are continuously evolving,” it said.

Symantec finds a 'new' Chinese hacking group has actually been around for a decade

A Chinese cyber-espionage group that Symantec first exposed last June may actually be part of another group that has already been discovered, according to the company’s researchers. The group, which Symantec last labeled as “Thrip,” have attacked targets in 12 organizations in Hong Kong, Macau, Indonesia, Malaysia, the Philippines and Vietnam since it was first identified. Additionally, researchers say it has returned with a new custom-built tool.

Over $37 Million Lost by Toyota Boshoku Subsidiary in BEC Scam

Toyota Boshoku Corporation, a car components manufacturer member of the Toyota Group, announced today that one of its European subsidiaries lost more than $37 million following a business email compromise (BEC) attack. The company mentions in a press release published earlier today "a recent case involving fraudulent payment directions from a malicious third party that has resulted in a financial loss at our European subsidiary." The expected financial loss following the incident that took place on August 14 is of roughly 4 billion yen maximum (as of 5 September), which translates to $37,472,000 (or €33,904,000).

Hackers who hit Texas with ransomware attack demanded $2.5 million, got nothing

In the early morning of Friday August 16th 2019, hackers managed to infiltrate the networks of 22 local government organisations in Texas via a third-party services provider, planting ransomware that encrypted data and disrupting business-critical services. The hackers’ demand? A cool $2.5 million for the decryption keys to unlock the data. It was the latest in a brutal wave of ransomware attacks that have blighted US cities this year, and have even led some states to declare a state of emergency.


Facebook launches $10m deepfake detection project

If you’re worried about the malevolent potential of deepfake video, you’re not alone – so is Facebook. The company has launched a project to sniff out deepfake videos, and it’s pledging more than $10m to the cause. It has pulled in a range of partners including Microsoft for help. Deepfakes are videos that use AI to superimpose one person’s face on another. They work using generative adversarial networks (GANs), which are battling neural networks. One of the networks focuses on producing a lifelike image. The other network checks the first network’s output by matching it against real-life images. If it finds inconsistencies, the first network has another go at it. This keeps happening until the second network can’t find any more mistakes.


Exploit for wormable BlueKeep Windows bug released into the wild

For months, security practitioners have worried about the public release of attack code exploiting BlueKeep, the critical vulnerability in older versions of Microsoft Windows that’s “wormable,” meaning it can spread from computer to computer the way the WannaCry worm did two years ago. On Friday, that dreaded day arrived when the Metasploit framework—an open source tool used by white hat and black hat hackers alike—released just such an exploit into the wild.

WordPress 5.2.3 fixes new clutch of security vulnerabilities

WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements. It doesn’t look as though any of the flaws have been publicly disclosed or identified with CVEs, but admins who are confident about compatibility will still want to apply it. As usual, the dominant theme is fixing cross-site scripting (XSS) issues, including two reported by Simon Scannell of RIPS Technologies, who was credited with discovering the major cross-site request forgery (CSRF) flaw fixed in March 2019’s WordPress 5.1.1.