<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/22/2020

SHARE

Top News

Almost 8,000 could be affected by federal emergency loan data breach

Almost 8,000 business owners who applied for a loan from the Small Business Administration may have had their personal information exposed to other applicants, the SBA admitted on Tuesday. The breach relates to a long-standing SBA program called Economic Injury Disaster Loans (EIDL). It has traditionally been used to aid owners whose businesses are disrupted by hurricanes, tornadoes, or other disasters. READ MORE...


RCE Exploit Released for IBM Data Risk Manager, No Patch Available

Four serious security vulnerabilities in the IBM Data Risk Manager (IDRM) have been discovered that can lead to unauthenticated remote code execution (RCE) as root, according to analysis - and a proof-of-concept exploit is available for version 2.0.3. However, IBM has not yet patched the problem. IDRM is a software platform that aggregates threat data from disparate security systems, in order to perform enterprise security risk analysis. READ MORE...

Hacking

FBI warns of COVID-19 phishing targeting US health providers

The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments. "On 18 March 2020, network perimeter cybersecurity tools associated with US-based medical providers identified email phishing attempts from domestic and international IP addresses," the FBI says in a flash alert coordinated with the DHS Cybersecurity and Infrastructure Security Agency (CISA). READ MORE...


Hackers posed as Egyptian oil contractor in apparent spy campaign ahead of OPEC meeting

Hackers are trying to infect organizations throughout the world with a popular strain of malware by sending emails that appear to be from an Egyptian oil company. In research published Tuesday, Romanian antivirus company BitDefender noted a surge in attempted phishing attacks that try to trick users into downloading malware by masquerading as Enppi, an oil company owned by the Egyptian government. READ MORE...

Malware

New Coronavirus screenlocker malware is extremely annoying

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds. Screenlockers are malware programs that display a lock screen when logging into Windows so that you cannot access the Windows desktop or interact with your installed programs and files. READ MORE...


DoppelPaymer Ransomware hits Los Angeles County city, leaks files

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted. The attackers are demanding a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files. READ MORE...

Exploits/Vulnerabilities

Multiple vulnerabilities discovered in smart home devices

ESET researchers found serious security vulnerabilities in three different home hubs: Fibaro Home Center Lite, HomeMatic Central Control Unit (CCU2) and eLAN-RF-003. Some of the flaws could be misused by an attacker to perform MitM attacks, eavesdrop on the victim, create backdoors, or gain root access to some of the devices and their contents. In worst case scenarios, these issues could even allow attackers to take control over the central units and all peripheral devices connected to them. READ MORE...


Flaw Could Have Allowed Hackers to Identify All Zoom Users in a Company

A vulnerability in Zoom's video conferencing service could have been abused to enumerate all of the registered Zoom users within an organization, Cisco Talos reports. Zoom has drawn a lot of attention over the past several weeks, especially since many organizations have asked employees to work from home during the current COVID-19 pandemic, and, for many, Zoom has become the main option for internal communication. READ MORE...


High-Severity Vulnerability in OpenSSL Allows DoS Attacks

An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks. The OpenSSL Project, which tracks the flaw as CVE-2020-1967, has described it as a "segmentation fault" in the SSL_check_chain function. The vulnerability impacts OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f, and it has been patched with the release of version 1.1.1g. READ MORE...

On This Date

  • ...in 1793, President George Washington proclaims American neutrality in the European wars following the French Revolution.
  • ...in 1970, the first Earth Day is celebrated.
  • ...in 1976, Barbara Walters becomes the first female nightly news anchor on network television.
  • ...in 1978, The Blues Brothers make their debut as the musical guest on Saturday Night Live.