IT Security Newsletter

IT Security Newsletter - *Date* TEMPLATE

Written by Cadre | Wed, Aug 12, 2020

SANS infosec training org suffers data breach after phishing attack

The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack. The SANS Institute is one of the largest organizations that offer information security training and security certification to users worldwide. In a notification posted to their site today, SANS states that one of their employees fell for a phishing attack that allowed a threat actor to gain access to their email account. READ MORE...

Colorado city forced to pay $45,000 ransom to decrypt files

A city in Colorado, USA, has been forced to pay $45,000 after the City's devices were encrypted in July, and they were unable to restore necessary files from backup. On July 27th, the City of Lafayette suffered a ransomware attack that impacted their phone services, email, and online payment reservation systems. At the time, the City had not explained what was causing the outage but stated that residents should use 911 or an alternate number for emergency services. READ MORE...

Hackers exploited Tor exit relays to generate bitcoin: research

At one point this spring, a single set of money-hungry hackers controlled nearly a quarter of the endpoint infrastructure through which the anonymizing internet browser Tor routed traffic, a researcher who tracks Tor claimed this week. The unidentified attacker likely used those Tor "exit relays" - the IP addresses through which Tor traffic passes- to manipulate the traffic and mine cryptocurrency, said the researcher, who goes by nusenu. How much bitcoin the attackers were able to generate, if any, remains unclear. READ MORE...

NCC Group admits its training data was leaked online after folders full of CREST pentest certification exam notes posted to GitHub

Exclusive British infosec biz NCC Group has admitted to The Register that its internal training materials were leaked on GitHub - after folders purporting to help people pass the CREST pentest certification exams appeared in a couple of repositories. The documents, posted to the cloudy code shack by an account set up last month, were held in a folder marked "cheatsheets". They appeared to be a collection of exceptionally frank and well informed training materials. READ MORE...

How to maintain or improve employee productivity in virtual or hybrid workplaces

Productivity can be maintained surprisingly well in a virtual or hybrid workplaces, according to BCG. The survey, conducted in the US, Germany, and India, also shows that there is significant appetite for flexible ways of working among employees, as well as increased openness to this from managers. As working methods become increasingly remote or hybrid in the wake of the COVID-19 pandemic, a key question for companies is how to maintain and improve this productivity in the workplace of the future. READ MORE...

Zero-Trust Security 101

What are the tenets and fundamental spirit of zero-trust architecture -- without the marketing speak? Zero trust sounds so harsh. But real cybersecurity results can come from the harsh-sounding scheme that defines every relationship as fraught with danger and mistrust. Zero-trust security is a common topic of discussion in cybersecurity circles these days, but understanding it goes beyond the name. The simple-sounding strategy comprises several key components. READ MORE...

3 strategies for addressing sensitive legal cybersecurity issues

Three years after enacting one of the most exacting cybersecurity regulations in the United States, the New York State Department of Financial Services (NYDFS) recently filed its first cybersecurity enforcement action. This enforcement action shows the importance of mitigating legal risks when addressing cybersecurity risks. NYDFS alleged that First American Financial, one of the country's largest providers of title insurance, failed to properly address a known security vulnerability on its website. READ MORE...

How scammers use faked news articles to promote coronavirus 'cures' that only defraud victims

Scammers are relying on fabricated news articles about the COVID-19 pandemic in an attempt to trick readers into signing up for bunk coronavirus cures. A network of content farm websites - the kind of sites that typically publish false hyperpartisan articles - are masquerading as legitimate news sites as part of an attempt to scam Americans, according to research published Wednesday by RiskIQ. By posting what appeared to be inflammatory news articles. READ MORE...

Network intruders selling access to high-value companies

Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue. One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world. Using the alias bcorp33, the network intruder appears to be collaborating with affiliates of FXMSP. READ MORE...

Citrix releases fix for software bug that hackers 'will move quickly to exploit'

A newly revealed set of vulnerabilities in popular software made by Citrix, whose clients include Fortune 500 companies, could let hackers who exploit the bugs gain control of a mobile server and steal sensitive data. The Florida-based company, which has dealt with multiple critical vulnerabilities this year, has released fixes for the new round of bugs and urged customers to apply them. "While there are no known exploits as of this writing, we do anticipate malicious actors will move quickly to exploit". READ MORE...

Microsoft Patches 120 Vulnerabilities, Two Zero-Days

The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities. Microsoft today released fixes for 120 vulnerabilities, including two zero-days, in 13 products and services as part of its monthly Patch Tuesday rollout. The August release marks its third-largest Patch Tuesday update, closely following the second-largest in July 2020 (123 patches) and largest-ever in June 2020 (129 patches). READ MORE...

  • ...in 1898, the brief and one-sided Spanish-American War comes to an end when Spain formally agrees to a peace protocol on U.S. terms.
  • ...in 1908, Henry Ford's first Model T, affectionately known as the "Tin Lizzie," rolled off the assembly line in Detroit, Michigan.
  • ...in 1961, East Germany begins construction of the Berlin Wall.
  • ...in 1994, the longest work stoppage in major league history begins. Because of the strike, the 1994 World Series is cancelled.