IT Security Newsletter

IT Security Newsletter - 11/05/2020

Written by Cadre | Thu, Nov 5, 2020

Capcom hacked. Resident Evil game developer discloses cyber attack

Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems. The maker of such well-known video games as "Resident Evil" and "Street Fighter" disclosed in a short press release that in the early hours of Monday some of its networks "experienced issues" that affected access to email and file servers. In response, the company has shut down some of its systems. READ MORE...

BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers

A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations. UK-based cybersecurity company 7 Elements identified the vulnerability while conducting incident response activities for a customer. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users. READ MORE...

Revamped DLL side-load attack hits Myanmar

Security vendor Sophos has suggested Chinese purveyors of advanced persistent threats (APTs) are behind a recent wave of attacks on non-governmental organisations and other commercial entities in Myanmar. The attack, which Sophos has given the charming moniker "KilllSomeOne", is a DLL side-loading attack that tricks Windows executables into loading a malicious DLL instead of a real one. The dirty DLLs attempt information exfiltration. READ MORE...

Scam PSA: Ransomware gangs don't always delete stolen data when paid

Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom. In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid. Now, not only are victims being extorted through the encryption of their files but also by the risk of their data being published and causing a data breach. READ MORE...

The power of trusted endpoints

The story of digital authentication started in an MIT lab in 1961, when a group of computer scientists got together and devised the concept of passwords. Little did they know the anguish it would cause over the next 50 years. Today, most people possess more than 90 username-and-password combinations and would rather click "Reset password" than try to remember them all. Unfortunately, passwords are not only inconvenient, but dangerous as well - it's a problem the world has been grappling with for the last 20 years, at least. READ MORE...

Google Discloses Details of GitHub Actions Vulnerability

Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21. As per Google's policy, information on the flaw was meant to be released after 90 days, but GitHub requested a 14-day grace period. Tracked as CVE-2020-15228, the vulnerability is related to the use of the set-env and add-path workflow commands. READ MORE...

  • ...in 1605, Guy Fawkes is arrested in the act of placing explosives underneath the British Parliament, as part of the "Gunpowder Plot."
  • ...in 1911, Roy Rogers is born in Cincinnati. The location of his home later became home plate at Riverfront Stadium.
  • ...in 1940, Franklin Delano Roosevelt is elected to an unprecedented fourth term as President of the United States.
  • ...in 1968, Richard Nixon is elected as 37th President of the United States.