
IT Security Newsletter - 09/21/2020


Breaches

Health Care Patient, Donor Data May Have Been Breached

Patients and donors to at least four different health care providers in Minnesota are being notified that their personal information may have been compromised. The potential data breach involves hundreds of thousands of patients and donors at Children's Minnesota, Allina Health, Regions Hospital and Gillette Children's Specialty Healthcare. The hack is part of a ransomware attack on a cloud computing company called Blackbaud, which manages databases for a number of nonprofits. READ MORE...

Hacking

Leading U.S. laser developer IPG Photonics hit with ransomware

IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry, has suffered a ransomware attack that is disrupting its operations. Based out of Oxford, Massachusetts, IPG Photonics has locations worldwide where it employs over 4,000 people, and it had $1.3 billion in revenue in 2019. The company's lasers were used as part of the U.S. Navy's Laser Weapon System (LaWS) that was installed on the USS Ponce. This system is an experimental defensive weapon against small threats and vehicles. READ MORE...


Tutanota encrypted email service suffers DDoS cyberattacks

Encrypted email service Tutanota has experienced a series of DDoS attacks this week, first targeting the Tutanota website and then its DNS providers. This caused several hours of downtime for millions of Tutanota users. The outage was further exacerbated by the fact that different DNS servers continued to cache the incorrect entries for the domain. Tutanota is a German provider of end-to-end encrypted email service with over 2 million users. The company is frequently cited alongside popular encrypted email providers like ProtonMail. READ MORE...

Malware

Telegram messages are a focus in newly uncovered hack campaign from Iran

Researchers said they have uncovered an ongoing surveillance campaign that for years has been stealing a wide range of data on Windows and Android devices used by Iranian expatriates and dissidents. The campaign, which security firm Check Point has named Rampant Kitten, comprises two main components, one for Windows and the other for Android. Rampant Kitten's objective is to steal Telegram messages, passwords, and two-factor authentication codes sent by SMS and then also take screenshots. READ MORE...


Google App Engine feature abused to create unlimited phishing pages

A technique newly discovered by a researcher shows how Google's App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products. Google App Engine is a cloud-based service platform for developing and hosting web apps on Google's servers. While reports of phishing campaigns leveraging enterprise cloud domains are nothing new, what makes Google App Engine infrastructure risky is how the subdomains get generated and paths are routed. READ MORE...

Information Security

Is domain name abuse something companies should worry about?

Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefore, "domain name abuse" is something that can ruin your reputation. Losing control: There are several ways in which perpetrators can abuse your good name to make a profit for themselves, while ruining your good name in the process. The first two are closely related and are usually the result of an attack or breach of some kind. READ MORE...


Most people ignore QR code security concerns

QR codes are rising in popularity and use, according to a consumer sentiment study by MobileIron. Sixty-four percent of respondents stated that a QR code makes life easier in a touchless world - despite a majority of people lacking security on their mobile devices, with 51% of respondents stating they do not have or do not know if they have security software installed on their mobile devices. Mobile devices have become even more important and ingrained in everyone's lives during the COVID-19 pandemic. READ MORE...


Charities and the advertising industry: data ecosystems and privacy risks

Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it's not going to go away anytime soon. Charity advertising is an important feature of revenue generation for UK-based charitable organisations, and that's where our focus lies in this post. READ MORE...

Exploits/Vulnerabilities

Information Disclosure, XSS Vulnerabilities Patched in Drupal

Several information disclosure and cross-site scripting (XSS) vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system (CMS). The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It's worth noting that Drupal uses the NIST Common Misuse Scoring System to determine security risk levels and critical is the second highest level, after highly critical. The issue is a reflected XSS and exploitation is only possible under certain circumstances. READ MORE...


DHS Orders Federal Agencies to Immediately Patch 'Zerologon' Vulnerability

The Department of Homeland Security (DHS) on Friday issued an Emergency Directive that requires federal agencies to install fixes for a Netlogon elevation of privilege vulnerability for which Microsoft released patches in August 2020. Tracked as CVE-2020-1472 and discovered by researchers at cybersecurity firm Secura, the issue exists in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) "when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller." READ MORE...