IT Security Newsletter - 09/21/2020
Health Care Patient, Donor Data May Have Been Breached
Patients and donors to at least four different health care providers in Minnesota are being notified that their personal information may have been compromised. The potential data breach involves hundreds of thousands of patients and donors at Children's Minnesota, Allina Health, Regions Hospital and Gillette Children's Specialty Healthcare. The hack is part of a ransomware attack on a cloud computing company called Blackbaud, which manages databases for a number of nonprofits. READ MORE...
Leading U.S. laser developer IPG Photonics hit with ransomware
IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry, has suffered a ransomware attack that is disrupting its operations. Based out of Oxford, Massachusetts, IPG Photonics has locations worldwide where it employs over 4,000 people, and it had $1.3 billion in revenue in 2019. The company's lasers were used as part of the U.S. Navy's Laser Weapon System (LaWS) that was installed on the USS Ponce. This system is an experimental defensive weapon against small threats and vehicles. READ MORE...
Tutanota encrypted email service suffers DDoS cyberattacks
Encrypted email service Tutanota has experienced a series of DDoS attacks this week, first targeting the Tutanota website and then its DNS providers. This caused several hours of downtime for millions of Tutanota users. The outage was further exacerbated by the fact that different DNS servers continued to cache the incorrect entries for the domain. Tutanota is a German provider of end-to-end encrypted email service with over 2 million users. The company is frequently cited alongside popular encrypted email providers like ProtonMail. READ MORE...
Telegram messages are a focus in newly uncovered hack campaign from Iran
Researchers said they have uncovered an ongoing surveillance campaign that for years has been stealing a wide range of data on Windows and Android devices used by Iranian expatriates and dissidents. The campaign, which security firm Check Point has named Rampant Kitten, comprises two main components, one for Windows and the other for Android. Rampant Kitten's objective is to steal Telegram messages, passwords, and two-factor authentication codes sent by SMS and then also take screenshots. READ MORE...
Google App Engine feature abused to create unlimited phishing pages
A newly discovered technique by a researcher shows how Google's App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products. Google App Engine is a cloud-based service platform for developing and hosting web apps on Google's servers. While reports of phishing campaigns leveraging enterprise cloud domains are nothing new, what makes Google App Engine infrastructure risky is how the subdomains get generated and paths are routed. READ MORE...
Is domain name abuse something companies should worry about?
Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefore, "domain name abuse" is something that can ruin your reputation. Losing control: There are several ways in which perpetrators can abuse your good name to make a profit for themselves, while ruining your good name in the process. The first two are closely related and are usually the result of an attack or breach of some kind. READ MORE...
Most people ignore QR code security concerns
QR codes are rising in popularity and use, according to a consumer sentiment study by MobileIron. Sixty-four percent of respondents stated that a QR code makes life easier in a touchless world - despite a majority of people lacking security on their mobile devices, with 51% of respondents stating they do not have or do not know if they have security software installed on their mobile devices. Mobile devices have become even more important and ingrained in everyone's lives during the COVID-19 pandemic. READ MORE...
Charities and the advertising industry: data ecosystems and privacy risks
Data makes the world go round, more often than not via advertising and its tracking mechanisms. Whether you think making money from large volumes of PII to keep the web ticking over is a good thing, or a sleazy data-grab often encouraging terrible ad practices, it's not going to go away anytime soon. Charity advertising is an important feature of revenue generation for UK-based charitable organisations, and that's where our focus lies in this post. READ MORE...
Information Disclosure, XSS Vulnerabilities Patched in Drupal
Several information disclosure and cross-site scripting (XSS) vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system (CMS). The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It's worth noting that Drupal uses the NIST Common Misuse Scoring System to determine security risk levels and critical is the second highest level, after highly critical. The issue is a reflected XSS and exploitation is only possible under certain circumstances. READ MORE...
DHS Orders Federal Agencies to Immediately Patch 'Zerologon' Vulnerability
The Department of Homeland Security (DHS) on Friday issued an Emergency Directive that requires federal agencies to install fixes for a Netlogon elevation of privilege vulnerability for which Microsoft released patches in August 2020. Tracked as CVE-2020-1472 and discovered by researchers at cybersecurity firm Secura, the issue exists in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) "when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller." READ MORE...