IT Security Newsletter - 02/25/2021
VC giant Sequoia discloses data breach after failed BEC attack
American venture capital firm Sequoia has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. Since its founding in 1972, the venture capital (VC) firm Sequoia has invested in a long list of high-profile companies (e.g., Apple, NVIDIA, Google, Oracle, Yahoo, LinkedIn, YouTube, Paypal, Electronic Arts, and Cisco). The VC giant also backed many start-ups, including Airbnb, Dropbox, FireEye, Palo Alto Networks, Stripe, Square, and WhatsApp. READ MORE...
Universities Face Double Threat of Ransomware, Data Breaches
Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage. Institutions of higher education continue to have problematic password policies, lack multifactor authentication (MFA), and have a plethora of open ports - despite suffering dozens of ransomware attacks and targeting by attackers focused on stealing student information and university research, according to a new study published Tuesday. READ MORE...
Alexa, swap out this code that Amazon approved for malware... Installed Skills can double-cross their users
Computer security bods based in Germany and the US have analyzed the security measures protecting Amazon's Alexa voice assistant ecosystem and found them wanting. In research presented on Wednesday at the Network and Distributed System Security Symposium (NDSS) conference, researchers describe flaws in the process Amazon uses to review third-party Alexa applications known as Skills. READ MORE...
Ukraine says Russia hacked its document portal and planted malicious files
Ukraine has accused the Russian government of hacking into one of its government Web portals and planting malicious documents that would install malware on end users' computers. "The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities," officials from Ukraine's National Coordination Center for Cybersecurity said in a statement published on Wednesday. " READ MORE...
Google Funds Linux Kernel Security Development
Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform. With this funding, Silva and Chancellor will dedicate their work to improving kernel security, as well as to associated initiatives, so that the open source software project remains sustainable in the long run. READ MORE...
Users largely unaware of the privacy implications of location tracking
How much personal information can our phone apps gather through location tracking? To answer this question, two researchers - Mirco Musolesi (University of Bologna, Italy) and Benjamin Baron (University College London, UK) - carried out a field study using an app specifically developed for this research. Through the app employed in the study researchers were able to identify which kind of personal information the app extracted and its privacy sensitivity according to users. READ MORE...
Attackers scan for vulnerable VMware servers after PoC exploit release
After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. The scanning activity was spotted by threat intelligence company Bad Packets just one day after VMware patched the critical vulnerability. Thousands of unpatched vCenter servers are still reachable over the Internet. READ MORE...
Fed glitch shuts down wire transfers, direct deposits, other services
Federal Reserve electronic systems that enable US banks to send each other electronic payments experienced a massive outage on Wednesday afternoon. A Fed statement attributed the outage to an "operational error" but didn't provide much more detail. The Federal Reserve System acts as America's central bank, and it controls much of the plumbing of the US financial system. The automated clearing house (ACH) system is used for paychecks, bill payments. READ MORE...
TD Bank suffers systemwide outage, services still recovering
TD Bank is recovering from a major IT systems outage today that prevented account holders from accessing their online bank accounts, use ATM, or check balances over the phone. The outage started at approximately 2 AM EST this morning and prevented TD Bank members from logging into their online accounts. When attempting to do so, their systems displayed a message stating that the system was down "due to planned maintenance activity". READ MORE...
- ...in 1836, Samuel Colt is granted a patent for the Colt revolver, the first gun manufactured on an assembly line using interchangeable parts.
- ...in 1901, industrialist J.P. Morgan incorporates the United States Steel Corporation by financing the merger of three smaller steel companies for $492 million.
- ...in 1928, The Federal Radio Commission issues the first television broadcast license to inventor and early TV pioneer Charles Jenkins.
- ...in 1971, actor Sean Astin ("Rudy", "Lord of the Rings") is born in Santa Monica, CA.