<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 03-15/2021

SHARE

Breaches

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card. READ MORE...

Hacking

15-year-old Linux kernel bugs let attackers gain root privileges

Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems. These security bugs can only be exploited locally, which means that potential attackers will have to gain access to vulnerable devices by exploiting another vulnerability or using an alternative attack vector. GRIMM researchers discovered the bugs 15 years after they were introduced in 2006. READ MORE...


Alleged Verkada hacker says police raided their home in Switzerland

One of the hackers who claimed responsibility for breaking into the networks of camera surveillance firm Verkada says police have raided their home in Switzerland. Tillie Kottman said in a social media post that the raid occurred Friday morning in the Swiss city of Lucerne and resulted in the confiscation of their electronic devices. Kottman has claimed to be part of a group of hackers that breached Silicon Valley-based Verkada, and reportedly accessed live feeds of 150,00 cameras in hospitals... READ MORE...

Trends

Alarming number of consumers impacted by identity theft, application fraud and account takeover

A new report, developed by Aite Group, and underwritten by GIACT, uncovers the striking pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic. According to the report, from 2019 to 2020, 47% of U.S. consumers surveyed experienced identity theft, 37% experienced application fraud (i.e., the unauthorized use of one's identity to apply for an account)., and 38% of consumers experienced account takeover over. READ MORE...

Information Security

Twitter bug automatically suspends you when tweeting 'Memphis'

A bug on Twitter is causing users to become temporarily suspended if they tweet the word 'Memphis,' BleepingComputer has confirmed. This bug started today after users tweeting about the Tennessee city, sports teams, or players suddenly found that they were temporarily suspended for 12 hours after Tweeting the word Memphis. While some have said that the bug is fixed on Twitter, in a test just performed by BleepingComputer. READ MORE...


Huawei Listed Anew as Threat to US National Security

US regulators on Friday listed Huawei among Chinese telecom gear firms deemed a threat to national security, signaling that a hoped for softening of relations is not in the cards. A roster of communications companies thought to pose "an unacceptable risk" to national security included Huawei Technologies, ZTE, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology. "This list is a big step toward restoring trust in our communications networks." READ MORE...

Exploits/Vulnerabilities

Botnet operators, ransomware scammers the latest groups to pounce on Exchange Server bugs

The floodgates appear to be open on critical bugs in Microsoft software as a predictable bevy of scammers - from a ransomware actor to cryptocurrency conmen - have flocked to vulnerable email servers. The new incidents make clear that what started as a reported China-linked spying operation to steal data from the Microsoft email program has devolved into an opportunistic romp for criminals. READ MORE...


Google Releases PoC Exploit for Browser-Based Spectre Attack

Google last week announced the release of proof-of-concept (PoC) code designed to exploit the notorious Spectre vulnerability and leak information from web browsers. Initially detailed in early 2018 alongside Meltdown, the side-channel attack could allow a malicious application to access data being processed on the device. The vulnerability could expose passwords, documents, emails, data from instant messaging apps, and more. READ MORE...

On This Date

  • ...in 1819, French physicist Augustin-Jean Fresnel proves at the Parisian Academie des Sciences that light can behave like a wave.
  • ...in 1912, country-blues singer, songwriter, and guitarist Sam "Lightnin'" Hopkins is born in Centerville, TX.
  • ...in 1978, competitive eating champion and multiple Guinness World Record-holder Takeru Kobayashi is born in Nagano, Japan.
  • ...in 1985, the first Internet top-level domain name, symbolics.com, is registered by computer firm Symbolics, Inc.