IT Security Newsletter - 01/21/2021
Hacker leaks full database of 77 million Nitro PDF user records
A stolen database containing more than 77 million records of Nitro PDF service users, including email addresses, names, and passwords, was leaked today for free. The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information. The database has also been added to the Have I Been Pwned service which allows users to check if their info. READ MORE...
Hacker blunder leaves stolen passwords exposed via Google search
Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google index the stolen passwords for public searches. The phishing campaign has been running for more than half a year and uses dozens of domains that host the phishing pages. It received constant updates to make the fraudulent Microsoft Office 365 login requests look more realistic. READ MORE...
Google Forms Set Baseline For Widespread BEC Attacks
A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack. So far, researchers have observed thousands of messages being sent to companies, predominantly delivered to retail, telecommunications, healthcare, energy and manufacturing sectors. Of note, the campaign leverages Google's Forms survey tool. READ MORE...
Social engineering gains momentum with cyber criminals
The COVID-19 pandemic represents the largest public health crisis in a century. As cyber attackers seek to exploit the crisis, it has also become a major security issue for healthcare organizations. Attackers do not view the world in terms of a network diagram; rather, they seek out people. Therefore, we are seeing an uptick in the adoption of social engineering techniques that create more compelling lures for those they are targeting. READ MORE...
Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover
Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user's email address. The attack, dubbed KindleDrip, was discovered in October 2020 by Yogev Bar-On, a researcher at Israel-based cybersecurity consulting firm Realmode Labs. KindleDrip involved the exploitation of three different security holes, all of which were addressed by Amazon. READ MORE...
Bugs in Signal, other video chat apps allowed attackers to listen in on users
Bugs in several messaging/video chat mobile apps allowed attackers to spy on targeted users' surroundings. The vulnerabilities - in Signal, Google Duo, Facebook Messenger, JioChat, and Mocha - could be triggered by simply placing a call to the target's device - no other action was needed. In early 2019, Apple fixed a major logic bug (CVE-2019-6223) in its Group FaceTime feature. The bug, discovered by a Tucson high-schooler. READ MORE...
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
NVIDIA has newly disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss. The NVIDIA Shield TV is a set-top gadget that acts as a hub for the smart home, streams PC games from a gaming PC to a TV, and allows local and online media playback and streaming. Android games compatible with Android TV are compatible with the Shield TV and controller, as are those from NVIDIA's GeForce market. READ MORE...
Amazon offers Biden help to speed up vaccine distribution
Amazon is one of the country's largest businesses, and despite its faults and flaws, the company overall excels at logistics and distribution at scale. Therefore, Amazon suggests, the brand-new Biden administration should give the company a call to help ramp up COVID-19 distribution nationwide. "Amazon stands ready to assist you in reaching your goal of vaccinating 100 million Americans in the first 100 days of your administration," Dave Clark, the head of Amazon's consumer business. READ MORE...
- ...in 1938, radio DJ and early rock and roll popularizer Robert Weston Smith, AKA "Wolfman Jack", is born in Belvidere, NC.
- ...in 1940, pro golfer Jack Nicklaus -- 'The Golden Bear' -- is born in Upper Arlington, OH.
- ...in 1954, the very first nuclear-powered submarine, the USS Nautilus (named for the submarine in "Twenty Thousand Leagues Under the Sea") is launched off the Connecticut coast.
- ...in 1981, production of the DeLorean DMC-12 sports car, as seen in the "Back to the Future" films, begins in Dunmurry, Ireland.