<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 02/04/2021

SHARE

Breaches

Oxfam Australia investigates data breach after database sold online

Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database belonging on a hacker forum. Oxfam Australia is a charity focused on alleviating poverty within the indigenous Australian people and people from Africa, Asia, and the middle east. The charity is part of a confederation of twenty charities worldwide operating under the Oxfam umbrella. READ MORE...


Cybersecurity firm Stormshield hacked. Data (including source code) stolen

French cybersecurity firm Stormshield has revealed that it has suffered a security breach, and hackers have accessed sensitive information. The company, which is a major provider to the French government, says that a hacker managed to steal data after gaining access to a portal used by customers and partners, potentially accessing support tickets and communications with staff. Although Stormshield has not shared details of how many customers have been affected by the breach. READ MORE...

Hacking

Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security

Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that's been known to be insecure for more than a decade. In a coordinated vulnerability disclosure published this week, Polle Vanhoof, a security researcher, describes a vulnerability affecting unspecified Nespresso Pro machines equipped with a smart card reader: READ MORE...


Malicious script steals credit card info stolen by other hackers

A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. Credit card skimmers (aka payment card skimmers or Magecart scripts) are JavaScript scripts that cybercrime groups known as Magecart groups inject into hacked e-commerce sites as part of web skimming (also known as e-skimming) attacks. Their end goal is to steal the payment and personal info submitted by the hacked stores' customers. READ MORE...

Trends

Major trends that are changing the CISO role

In a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities, a BT Security survey of over 7000 business leaders, employees and consumers from across the world reveals. With the research also identifying security as the top priority for businesses after coronavirus, CISOs have never been more integral to business operations. With this in mind, the research's finding that 76% of business executives rate their organization's IT. READ MORE...

Information Security

SonicWall issues patch for firmware zero-day used to attack the company and its customers

Network security company SonicWall is offering a patch for a serious bug in one of its product lines that had attracted public warnings from cybersecurity researchers over the past week. The patch fixes a flaw that had put the Silicon Valley firm in the headlines of late. SonicWall on Jan. 22 said attackers had exploited a zero-day vulnerability in its own products to gain access to its corporate network. Then, on Jan. 31, researchers from NCC Group then said the bug was being exploited. READ MORE...

Exploits/Vulnerabilities

Runtime data no longer has to be vulnerable data

Today, the security model utilized by nearly all organizations is so weak that the mere act of creating new data comes with the immutable assumption that such data will become public and subject to theft or misuse. The industry has been the proverbial slow-boiling frog when it comes to data security. From the time computing systems were first able to store large amounts of data, individuals with no right to that data have accessed it. When connectivity and breaches were rare, nobody cared. READ MORE...


SolarWinds patches vulnerabilities that could allow full system control

SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities. Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post on Wednesday that he began analyzing SolarWinds products shortly after FireEye and Microsoft reported that hackers had taken control of SolarWinds' software development system. READ MORE...

Encryption

Rise in ransomware attacks mistakenly causing data destruction

More and more ransomware victims are resisting the extortionists and refuse to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. This stance resulted in Q4 of 2020 seeing a significant decline in the average ransom payments compared to the previous quarter, says ransomware remediation firm Coveware. But a more insidious phenomenon is prefiguring, where data is destroyed in the attack leaving companies no option to recover it. READ MORE...

Science & Culture

Canada Probe Concludes Clearview AI Breached Privacy Laws

US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians' privacy rights, Canada's privacy commissioner said Wednesday following an investigation. "What Clearview does is mass surveillance and it is illegal," Privacy Commissioner Daniel Therrien told a teleconference. An investigation by the watchdog found the New York-based firm, whose technology allows law enforcement and others to match photographs of unknown people. READ MORE...


Amazon begins delivering packages with prototype electric trucks

A year and a half after Amazon announced that it would buy 100,000 electric trucks to reduce its carbon footprint, Amazon says it has begun using prototype vehicles for real-world deliveries in Los Angeles. Amazon expects to spend a few more months testing the vehicles before the start of mass production later this year. Amazon placed the massive order with Rivian, a startup that has raised billions of dollars to build electric trucks. Amazon is a Rivian investor. READ MORE...

On This Date

  • ...in 1789, George Washington is unanimously elected the first president of the United States by the U.S. Electoral College.
  • ...in 1818, businessman Joshua Abraham Norton, who later proclaimed himself as "Norton I, Emperor of the United States" while living in San Francisco, is born in Kent, England.
  • ...in 1940, filmmaker George A. Romero, who directed the original 1968 "Night of the Living Dead" as well as other horror classics, is born in New York City.
  • ...in 1948, musician Vincent Furnier, AKA '70s rock icon Alice Cooper ("School's Out", "I'm Eighteen"), is born in Detroit, MI.