<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 02/17/2021

SHARE

Breaches

Information Posted Online After N Carolina Ransomware Attack

An investigation into a ransomware attack on a North Carolina county's computer network showed personal information posted for sale on the "dark web," the county said. The Chatham County network was hit on Oct. 28 with ransomware that originated in a phishing email with a malicious attachment, The News & Observer of Raleigh reported Tuesday. It encrypted much of the county's network infrastructure and associated business systems, the county announced. READ MORE...

Hacking

Kia Motors America experiences massive IT outage across the US

Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support. The outage started Saturday when the Kia Owners Portal went offline and began displaying an error message stating that Kia was "experiencing an IT service outage that has impacted some internal networks." The company's phone self-help services are also impacted, with the customer support numbers stating that they have server issues. READ MORE...


Complaint Blasts TikTok's 'Misleading' Privacy Policies

An umbrella group comprising 44 consumer-privacy watchdog organizations have filed a complaint against TikTok, saying the wildly-popular video-sharing platform has "misleading" data-collection policies. ByteDance-owned TikTok has skyrocketed in popularity, with more than 2 billion downloads on the Google Play and Apple App Store marketplaces. The complaint was filed by the European Consumer Organisation (BEUC), made up of consumer-privacy watchdog groups from 32 countries. READ MORE...

Trends

LastPass Free to force users to choose between mobile, desktop

Starting next month, LastPass will no longer allow a free account to be used on multiple types of devices (computers and mobile) at the same time. LastPass is a password manager that allows you to synchronize and auto-fill your login credentials throughout multiple platforms, including Windows, iOS, Android, and almost all web browsers. Today, LastPass began emailing customers of their Free service with news that starting on March 16th, 2021, users will no longer be allowed to use the service. READ MORE...

Exploits/Vulnerabilities

Three New Vulnerabilities Patched in OpenSSL

The OpenSSL Project on Tuesday announced the availability of patches for three vulnerabilities, including two that can be exploited for denial-of-service (DoS) attacks and one related to incorrect SSLv2 rollback protection. The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition. READ MORE...


Misconfigured Baby Monitors Allow Unauthorized Viewing

A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera's video stream, according to researchers. Potentially hundreds of thousands of live devices are impacted, they said. The issue exists in the manufacturers' implementation of the Real-Time Streaming Protocol (RTSP), which is a set of procedures used by various cameras to control their streaming media. It's possible to misconfigure its implementation. READ MORE...

Science & Culture

Palo Alto Networks Plans to Acquire Cloud Security Firm

Palo Alto Networks today announced it plans to purchase Bridgecrew, a cloud-based security platform for software developers, for around $156 million. Bridgecrew espouses a so-called "shift left" strategy for developers, where developers and DevOps teams can ensure and enforce security infrastructure during the entire software development process. Some 70% of the Fortune 100 are customers of Bridgecrew's Prisma Cloud service. READ MORE...


Facebook Announces Payout Guidelines for Bug Bounty Program

Facebook on Tuesday announced several new features for its bug bounty program, including an educational resource and payout guidelines. The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories. Specifically, it provides information on the maximum bounty for each category and describes the mitigating factors that can result in a lower reward. READ MORE...

On This Date

  • ...in 1801, The House of Representatives breaks an electoral college tie and chooses Thomas Jefferson over Aaron Burr for President.
  • ...in 1913, the Armory Show opens in New York City, introducing American art aficionados to the European avant-garde and inspiring a generation of American artists.
  • ...in 1920, comic book illustrator Curt Swan, whose art defined the look of Superman from the 1950s through the 1980s, is born in Minnesota.
  • ...in 1936, former Cleveland Browns fullback and action film star Jim Brown ("The Dirty Dozen", "Ice Station Zebra") is born in St. Simons, GA.