IT Security Newsletter

IT Security Newsletter - 8/9/2021

Written by Cadre | Mon, Aug 9, 2021

New "Glowworm attack" recovers audio from devices' power LEDs

Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations. READ MORE...

Synology warns of malware infecting NAS devices with ransomware

Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections. According to Synology's PSIRT (Product Security Incident Response Team), Synology NAS devices compromised in these attacks are later used in further attempts to breach more Linux systems. READ MORE...

Computer hardware giant GIGABYTE hit by RansomEXX ransomware

Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid. Gigabyte is best known for its motherboards, but also manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors. The attack occurred late Tuesday night into Wednesday and forced the company to shut down systems in Taiwan. READ MORE...

Zoom Settlement: An $85M Business Case for Security Investment

Ransomware isn't the only way lax security can cost a business eight figures in damage. Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. More importantly, Zoom's journey is an object lesson showing that cybersecurity matters to the bottom line. READ MORE...

NCSC Sticks by 'Three Random Words' Strategy for Passwords

Combining three random words is more effective than using complex combinations for passwords, says the National Cyber Security Council (NCSC). An NCSC blog post dated August 9 explains how this train of thought or "think random" helps to "keep the bad guys out." The post follows on from a previous one from nearly five years ago, "Three random words or #thinkrandom." READ MORE...

Amazon Kindle Vulnerable to Malicious EBooks

A security flaw in Amazon's Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That's according to Check Point researcher Slava Makkaeveev, who released the findings Friday. Check Point disclosed the bug to Amazon in February, and it was fixed in April, Amazon released patched firmware to be automatically installed on every Kindle connected to the internet. READ MORE...

Apple's new solution to combat child abuse imagery could radically shift encryption debate

Apple disputed that the new system will be seen by authoritarian regimes as a potential new form of surveillance. Apple announced Thursday it will introduce a feature to detect child abuse images being uploaded to iCloud Photos from iPhone devices in the United States. The company has framed the feature as a privacy-preserving way to combat the scourge of images of explicit content involving children shared online. READ MORE...

  • ...in 1892, Thomas Edison receives a patent for a two-way telegraph system.
  • ...in 1936, track star Jesse Owens wins his fourth gold medal of the Berlin Olympics in the 4x100-meter relay.
  • ...in 1968, actress Gillian Anderson ("The X-Files", "The Crown") is born in Chicago, IL.
  • ...in 2010, JetBlue flight attendant Steven Slater quits his job in dramatic style by sliding down his plane's emergency-escape chute.