IT Security Newsletter

IT Security Newsletter - 9/3/2019

Written by Cadre | Tue, Sep 3, 2019

Rash of ransomware continues with 13 new victims—most of them schools

As investigations into a massive, coordinated ransomware attack against local governments in Texas continue, 13 new victims of ransomware attacks have been publicly identified. Most of them are school districts, though the victims also include an Indiana county, a hospice in California, and a newspaper in Watertown, New York.

BMC vulnerabilities in Supermicro servers allow remote takeover

The flaws, collectively dubbed USBAnywhere, could allow attackers to connect to a server and connect a device to it remotely, over any network including the Internet, as if they had physical access to a server’s USB port. BMCs are specialized microcontrollers embedded on a server’s motherboard that allow sysadmins to perform low-level tasks without having to go where the server is located.

Data Leak Hits 2.5 Million Customers of Cosmetics Giant Yves Rocher

A French retail consultancy exposed data on millions of its clients’ customers as well as sensitive business information, after researchers discovered an unsecured Elasticsearch database. Aliznet, which specializes in digital transformation, names the likes of tech giants IBM, Oracle and Salesforce, retail leaders like Auchan, and big brands including Yves Rocher and Lacoste as its clients.

For Foxit's sake: PDF editor biz breached, users' passwords among stolen data

Users of software house Foxit's free and paid-for products, including its popular PhantomPDF editor, may have fallen victim to a data breach – with stolen data including users' website passwords. Foxit admitted to the breach earlier today, stating that "third parties" had gained access to its My Account user data. That data was comprised of "email addresses, passwords, users' names, phone numbers, company names and IP addresses" but not payment card information.

XKCD forums breached

The forum for the techie-darling comic strip XKCD was still offline on Monday afternoon after Troy Hunt’s breach site, Have I Been Pwned, reported on Sunday that 562,000 of the forum’s accounts had been breached sometime in August. A breach notice on the echochamber.me/xkcd forums echoed Hunt’s message: portions of the forums’ phpBB user table showed up in a cache of leaked data, it said.

Graham Cluley: About the Twitter CEO ‘@jack hack’

As you have probably heard by now, Twitter CEO Jack Dorsey’s account (@jack, 4.2 million followers) started spewing some tweets on Friday night that were out of character even for him. For about 15 minutes the account tweeted racist and offensive remarks, and even at one point what appeared to be a bomb threat. It was pretty obvious that these weren’t messages being genuinely tweeted by Twitter’s oddball co-founder, and theories spread like wildfire that his account had been hacked.

Gamification Can Transform Company Cybersecurity Culture

Chief information security officers (CISOs) of Global 2000 enterprises have one of the toughest jobs in the world, defending their organization’s cyberspace and being the guardian of its assets and private information. But CISOs also have a second, even bigger problem: their own company employees. There are always gaping holes in individual organizations’ cyber-defenses, including but not limited to unpatched systems, reused passwords and misconfigurations.