IT Security Newsletter

IT Security Newsletter - 10/28/2020

Written by Cadre | Wed, Oct 28, 2020

Steelcase furniture giant hit by Ryuk ransomware attack

Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread. Steelcase is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020. Steelcase suffers a Ryuk ransomware attack. In an 8-K form filed with the Securities and Exchange Commission (SEC), Steelcase has disclosed that they were the victim of a cyberattack on October 22nd, 2020. READ MORE...

Enel Group hit by ransomware again, Netwalker demands $14 million

Multinational energy company Enel Group has been hit by a ransomware attack for the second time this year. This time by Netwalker, who is asking a $14 million ransom for the decryption key and to not release several terabytes of stolen data. Enel is one of the largest players in the European energy sector, with more than 61 million customers in 40 countries. As of August 10, it ranks 87 in Fortune Global 500, with a revenue of almost $90 billion in 2019. Enel hit with Netwalker Ransomware attack. READ MORE...

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike. The raging pandemic has forced many retailers to re-imagine their businesses, shifting from in-person to contactless interactions through online sales. This new socially distanced reality is colliding with the crush of an upcoming holiday shopping season, creating an unprecedented opportunity for cybercriminals to capitalize. Magecart is just one of the more potent types of attacks to emerge in recent months. READ MORE...

21 Malicious Apps Downloaded 8 Million Times From Google Play

Despite Google's best efforts to keep Android users safe, malware does manage to slip into Google Play from time to time, and the 21 malicious apps that Avast identified recently are proof of that. Catered for gamers, the apps were found to include adware that is part of the HiddenAds family. The offending applications appear to have been downloaded roughly 8 million times before being discovered. The HiddenAds malware, Avast explains, poses as fun or useful apps but in reality delivers intrusive ads. READ MORE...

Mac users unable to print after Apple revoked HP certificate

Apple macOS X users with HP printers are left unable to print from their computers after Apple revoked a certificate that signed HP's print drivers. The result was print drivers being mistaken on macOS X for malware, and user complaints springing up over the weekend. As observed by BleepingComputer, when printing a document from a MacBook running macOS Catalina (10.15.7 (19H2)) to an HP printer, the job remains in print queue but does not complete. That's because the corresponding print driver is being mistaken as malware. READ MORE...

76% of applications have at least one security flaw

The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals. This year's analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. The report also uncovered some best practices to significantly improve these fix rates. There are some factors that teams have a lot of control over, and those they have very little control over categorizing them as "nature vs. nurture". READ MORE...

Attacks on IoT devices continue to escalate

Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, according to Nokia. IoT devices most infected: The report found that internet-connected, or IoT, devices now make up roughly 33% of infected devices, up from about 16% in 2019. The report's findings are based on data aggregated from monitoring network traffic on more than 150 million devices globally. READ MORE...

FBI: Hackers stole government source code via SonarQube instances

The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages. Vulnerable SonarQube servers have been actively exploited by attackers since April 2020. READ MORE...

EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone

More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers. The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned. This is despite the third week of this year's National Cybersecurity Awareness Month (week beginning 19 October 2020) majoring on 'Securing Internet-Connected Devices in Healthcare'. READ MORE...

FTC receives almost 2 million robocall complaints in nine months

The Federal Trade Commission (FTC) received almost 2 million complaints from Americans regarding illegal robocalls during the first nine months of 2020. These stats are included in the U.S. Department of Justice Telephone Robocall Abuse Criminal Enforcement and Deterrence Act 2020 Report to Congress. "Illegal robocalls remain a significant consumer protection problem and one of consumers' top complaints to the Federal Trade Commission (FTC)," the report says. "Through the first nine months[...]" READ MORE...

  • ...in 1726, Jonathan Swift's satirical fantasy novel "Gulliver's Travels" is published.
  • ...in 1886, The Statue of Liberty (originally named "Liberty Enlightening the World") is dedicated at Liberty Island, NY by President Grover Cleveland.
  • ...in 1942, computer scientist and academic Gillian Lovegrove, an early pioneer and vocal advocate of women in IT-oriented professions, is born in Yorkshire, UK.
  • ...in 1962, Soviet Premier Nikita Khrushchev orders Soviet missiles removed from Cuba, ending the Cuban Missile Crisis.