IT Security Newsletter - 7/6/2020
E.U. Authorities Crack Encryption of Massive Criminal and Murder Network
European law-enforcement officials have shut down an encrypted Android-based communications platform used exclusively by criminals to plot murders, traffic illegal drugs, commit money laundering and plan other organized crimes. An international law-enforcement team from France and the Netherlands cracked the encryption of EncroChat, a secure mobile messaging service that was "one of the largest providers of encrypted communications," according to the U.K.'s National Crime Agency.
Thousands of MongoDB databases ransacked, held for ransom
An unknown cybercriminal has infiltrated 22,900 unsecured MongoDB databases, wiping their contents and leaving behind a ransom note demanding bitcoin in return for the data. If the ransom isn't paid within two days, they threatened to notify authorities in charge of enforcing the European Union's GDPR. According to ZDNet, which broke the story, the hacker is using automated scripts to scour the internet for MongoDB installations that face the internet with no password protection.
Magecart Attacks on Claire's and Other U.S. Stores Linked to North Korea
Hackers linked to the North Korean government appear to be behind the Magecart attacks on fashion retailer Claire's and other online stores, Netherlands-based e-commerce security company Sansec reported on Monday. Threat actors linked to North Korea have been known to launch - in addition to espionage and destructive campaigns - financially-motivated attacks, including against cryptocurrency exchanges and banks.
US Cyber Command urges F5 customers to patch critical BIG-IP flaw
F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). F5 customers using BIG-IP software and hardware solutions include enterprise governments, Fortune 500 firms, banks, service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company's website saying that "48 of the Fortune 50 rely on F5."
Websites of eight US cities poisoned by malware skimming the credit card details of residents
Beware if you're paying your bills for local government services - the payment information you type into that web form may be heading straight to cybercriminals. Security experts at Trend Micro report that they have identified eight cities in the USA where online payment portals have been compromised to host Magecart-style credit card skimming code.
NSA releases guidance on securing IPsec Virtual Private Networks
The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks. Besides providing organizations with recommendations on how to secure IPsec tunnels, NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.
Krebs on Security: E-Verify's "SSN Lock" is Nothing of the Sort
One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number - which for better or worse is the de facto national identifier in the United States.
Apache Guacamole Opens Door for Total Control of Remote Footprint
Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol (RDP), researchers have warned. Admins should update their systems to avoid attacks bent on stealing information or remote code-execution. Once in control of the gateway, an attacker can eavesdrop on all incoming sessions, record all the credentials used, and even start new sessions to control the rest of the computers within the organization.
- ...in 1946, actor/director/screenwriter Sylvester Stallone ("Rocky", "First Blood") is born in New York City.
- ...in 1946, the 43rd President of the United States, George W. Bush, is born in New Haven, CT.
- ...in 1957, John Lennon and Paul McCartney meet for the first time. Three years later, they would form the Beatles.
- ...in 1980, French actress Eva Green ("Casino Royale", "Penny Dreadful") is born in Paris.