IT Security Newsletter - 08/06/2020
Canon hit by Maze Ransomware attack, 10TB data allegedly stolen
Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. BleepingComputer has been tracking a suspicious outage on Canon's image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service. READ MORE...
Top voting vendor ES&S publishes vulnerability disclosure policy
Election Systems & Software, the biggest vendor of U.S. voting equipment, on Wednesday announced a policy to work more closely with security researchers to find software bugs in the company's IT networks and websites. "Hackers are going to hack, researchers are going to research, whether or not there's a policy in place," Chris Wlaschin, ES&S's vice president of systems security, told CyberScoop. "We think it's important to have that safe harbor language out there to set expectations." READ MORE...
Colorado City Pays $45,000 Ransom After Cyber-Attack
Lafayette, Colorado, officials announced Tuesday the city's computer systems were hacked and they were forced to pay a ransom to regain access. Lafayette officials said hackers disabled the city's network services and blocked its access until the city paid a $45,000 fee, the Daily Camera reported. The attack caused city emails, phones, online payments and reservation systems to temporarily shut down. READ MORE...
Insecure satellite Internet is threatening ship and plane safety
Attacks that worked 10 years ago have only gotten worse despite growing use. More than a decade has passed since researchers demonstrated serious privacy and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020-as satellite Internet has grown more popular-providers would have fixed those shortcomings, but you'd be wrong. READ MORE...
How can security leaders maximize security budgets during a time of budget cuts?
t's no secret that the current pandemic is causing a major strain on consumers and businesses alike. As the U.S. teeters on the verge of a recession, companies are cutting their spending wherever they can - including in cybersecurity. Gartner estimates that security faces cuts as high as $6.7 billion - an unfortunate outcome, particularly since most organizations are also experiencing an expansion of their attack surface as a result of more people working from home. READ MORE...
Twitter for Android vulnerability gave access to direct messages
Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages. "We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9," Twitter explained. "Our understanding is 96% of people using Twitter for Android already have an Android security patch installed. READ MORE...
Researchers found another way to hack Android cellphones via Bluetooth
Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday. These exploits, one of which takes advantage of a zero-day vulnerability, could also allow hackers to send fake text messages if manipulated properly, researchers found. READ MORE...
Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users. A new "zero-click" MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. READ MORE...
Black Hat 2020: Open-Source AI to Spur Wave of 'Synthetic Media' Attacks
The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready. An abundance of deep-learning and open-source technologies are making it easy for cybercriminals to generate fake images, text and audio called "synthetic media". This type of media can be easily leveraged on Facebook, Twitter and other social media platforms to launch disinformation campaigns with hijacked identities. READ MORE...
- ...in 1911, actress and television producer Lucille Ball is born in Jamestown, NY.
- ...in 1965, President Lyndon B. Johnson signs the Voting Rights Act of 1965, extending the enforcement of the 14th and 15th Amendments for all Americans.
- ...in 1996, the influential punk rock group The Ramones play their farewell concert at The Palace in Los Angeles.
- ...in 2012, Cadre moves to its current headquarters in the PNC Center in Cincinnati.