Today’s premium story is about a new cryptocurrency ploy to spoof a legit website. Sadly, it is just one in a long list of other exploits.
If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account. -- David Strom
1. There is a new malware downloader called Coblnt which is associated with the Cobalt Gang. Researchers have identified its characteristics, one notable one is having multiple stages that makes it very potent. -- PROOFPOINT BLOG
2. Ironically, the backup and data recovery vendor Veeam has accidentally exposed its marketing database of millions of records to the public. Only after repeated attempts by one researcher was the data finally secured. -- DIACHENKO BLOG @ LINKEDIN
See it. Secure it. Halo Cloud Secure eliminates your public cloud blind spots.
Halo Cloud Secure is an automated public cloud infrastructure security solution that delivers comprehensive visibility, protection, and continuous compliance monitoring for compute, storage, database, networking, and identity services to reduce cyber risk. Check your AWS accounts for FREE right now.
3. If you are in the market for a used Alexa, reconsider your purchase. Some of them are being sold with deliberate malware that can record network traffic and audio. Purchase with care. -- VPNMENTOR
4. The British electric utility NPower has inadvertently emailed about 5,000 customer data to the wrong customers. Apparently their third-party fulfillment vendor was to blame. -- COMPUTING (UK)
5. While Apple was gearing up for its major announcement, they were also eliminating a new collection of badly behaving apps from Trend Micro. The MacOS apps were stealing users’ data without their consent. Trend admitted their mistake, although it took three different posts to get it right. -- TREND MICRO BLOG
6. Researchers have uncovered a pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients. The pair can enable privilege escalation attacks. Both vendors have issued patches. -- CISCO TALOS
7. If you want to steal a Tesla model S, all it takes is some electronics to clone its key fob. This is according to a team of academic Belgian researchers. Blame it on the car’s weak encryption methods. The team received a $10k bounty and the issue has been fixed. -- WIRED
8. If you get an email saying your Wordpress blog database needs an update, chances are good it is a phishing attack.-- SUCURI BLOG
9. A new open source method to create secure trusted hardware enclaves has been invented. Called Keystone, it is still in very early developmental stages. -- KEYSTONE WEBSITE
10. This post dissects how a family of Android malware can intercept SMS MFA authentications. It is well worth reviewing to understand how clever malware authors can be. -- SECURITY BLVD.
Researchers have found yet another new cryptocurrency exploit, this time with spoofing the Jaxx Liberty Wallets. It is a versatile wallet that has been downloaded more than a million times. This is just the latest in crypto exploits. I wrote an article for IBM’s Security Intelligence blog at the beginning of the year here that reviews some of the older exploits in this fast-moving world.
My article categorizes these exploits into DDoS attacks, wallet thefts, mining-based malware and website hacks. All of them have become more numerous, particularly when the price of crypto coins rises
That is pretty depressing when you think about it. -- LESLEY CARHART @ TWITTER
This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.
Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).