<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 09/16/2020

Breaches

U.S. Dept of Veterans Affairs data breach affects 46,000 veterans

The U.S. Department of Veterans Affairs (VA) has suffered a data breach that has led to the exposure of personal information for over 46,000 veterans. The VA department was created to ensure United States veterans receive the health services, benefits, and care they deserve. In a data breach notification released yesterday, the VA states that hackers breached their systems to steal payments earmarked for health care providers who provided treatment to veterans. READ MORE...

Hacking

Bluetooth Spoofing Bug Affects Billions of IoT Devices

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said. A team of academic researchers have discovered a Bluetooth Low Energy (BLE) vulnerability that allows spoofing attacks that could affect the way humans and machines carry out tasks. It potentially impacts billions of Internet of Things (IoT) devices, researchers said, and remains unpatched in Android devices. READ MORE...


Staples data breach caused by bug in order tracking system

The reason for the recent notification from Staples to some of its customers about exposed order details was caused by insufficient protections for retrieving shopper information from current and past orders. Staples said that they found no evidence of unauthorized purchases on behalf of impacted customers and that they fixed the issue. The alert lacks any technical details that would explain the nature of the problem, leading to some speculation that it was prompted by a hacker incident. READ MORE...


Public disclosure didn't stop suspected Chinese hackers from targeting the Vatican

Hackers with suspected ties to the Chinese government kept up their operations in the weeks after they were caught targeting the Vatican, according to Recorded Future findings published Tuesday. Recorded Future researchers first called out the hacking group's focus on the Vatican and Hong Kong's Catholic Diocese in July, after which the hackers appeared to briefly pause their activity, in a likely effort to evade detection. But within two weeks, the hackers, known as RedDelta, had resumed their activities. READ MORE...

Information Security

How security theater misses critical gaps in attack surface and what to do about it

Bruce Schneier coined the phrase security theater to describe "security measures that make people feel more secure without doing anything to actually improve their security." That's the situation we still face today when it comes to defending against cyber security risks. The insurance industry employs actuaries to help quantify and manage the risks insurance underwriters take. The organizations and individuals that in-turn purchase insurance policies also look at their own biggest risks. READ MORE...


NSA Publishes Guidance on UEFI Secure Boot Customization

The United States National Security Agency (NSA) this week published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature can be customized to fit an organization's needs. A replacement for the legacy Basic Input Output System (BIOS), UEFI is used across multiple architectures and provides broader customization options, higher performance, improved security, and support for more devices. Over the past couple of years, the number of attacks targeting the firmware for persistency on victim systems has increased. READ MORE...

Exploits/Vulnerabilities

U.S. House Passes IoT Cybersecurity Bill

The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president. The bipartisan legislation is backed by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). READ MORE...


UK's NCSC Publishes Guide to Implementing a Vulnerability Disclosure Process

The U.K.'s National Cyber Security Center (NCSC) has released a guide to help organizations get started with implementing a vulnerability disclosure process. The NCSC's Vulnerability Disclosure Toolkit is intended for organizations of all sizes, but should not be considered an exhaustive guide. It only presents some of the main components of the vulnerability disclosure process. "It really is in your best interest to encourage vulnerability disclosure. Having a clearly signposted reporting process...". READ MORE...

Science & Culture

Devo Technology Raises $60 Million, Names New CEO

Devo Technology, a company that provides data analytics and security solutions, announced on Tuesday that it has raised another $60 million and that Marc van Zadelhoff has been appointed its chief executive officer. The $60 million that Devo raised in this Series D round brings the total secured by the company to $131 million. The latest funding round was led by Georgian, with participation from Bessemer Venture Partners and Insight Partners. Devo told SecurityWeek that it will use the money to continue its growth in the cybersecurity market. READ MORE...

On This Date

  • ...in 1620, the Mayflower sails from Plymouth, England, bound for the New World with 102 passengers.
  • ...in 1908, William C. Durant founds the General Motors Corporation.
  • ...in 1949, Warner. Bros. introduces the Road Runner in the cartoon short "Fast and Furry-ous."
  • ...in 1966, the Metropolitan Opera House opens at Lincoln Center in New York City.