
IT Security Newsletter - 09/23/2020

Breaches

Rogue Shopify Staff Accessed Customer Records, Says Ecommerce Platform Investigating Security Breach

Shopify, the major ecommerce platform which powers many online stores, has revealed that it suffered a serious breach of security at the hands of two rogue employees. According to a statement released by the firm, two unnamed members of Shopify's support team abused their access to the company's systems in order to access customer transaction details from approximately 200 merchants running online stores. Customer data which may have been exposed includes: Contact information. READ MORE...

Hacking

Airbnb Accounts Exposed to Hijacking Due to Phone Number Recycling

A cybersecurity enthusiast learned recently that Airbnb accounts can be easily hijacked by creating a new account on the home-rental service with a phone number that in the past belonged to another Airbnb customer. The security risk posed by recycled phone numbers has been known for years, and the services of several major companies were found to be impacted in the past. It seems that Airbnb is affected as well, but the company says only a very small number of users are impacted. READ MORE...


New Zebrocy Campaign Suggests Russia Continues Attacks on NATO

QuoINT security researchers have identified a new Zebrocy campaign targeting countries associated with the North Atlantic Treaty Organization (NATO). Detailed for the first time in 2018, Zebrocy has been associated with the Russia-linked state-sponsored threat actor APT28 (also known as Fancy Bear, Pawn Storm, Sednit, and Strontium), which has been active since at least 2007. While some security researchers see Zebrocy as a separate adversary, others have shown connections between various threat actors operating out of Russia. READ MORE...

Trends

Your best defense against ransomware: Find the early warning signs

As ransomware continues to prove how devastating it can be, one of the scariest things for security pros is how quickly it can paralyze an organization. Just look at Honda, which was forced to shut down all global operations in June, and Garmin, which had its services knocked offline for days in July. Ransomware isn't hard to detect but identifying it when the encryption and exfiltration are rampant is too little too late. However, there are several warning signs that organizations can catch before the real damage is done. READ MORE...

Malware

New ransomware actor OldGremlin uses custom malware to hit top orgs

A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack. Researchers are tracking the gang using the codename OldGremlin. Their campaigns appear to have started in late March and have not expanded globally, yet. Attacks attributed to this group have been identified only in Russia but there is a strong suspicion that OldGremlin is currently operating at smaller scale. READ MORE...


A new ransomware gang is aiming at big Russian targets, researchers say

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB. The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them ransom for about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says. READ MORE...

Information Security

Startup Aims to Map and Track All the IT and Security Things

Security service JupiterOne spins off from a healthcare service provider's homegrown technology. A security-as-a-service startup that emerged from stealth last week with $19 million in Series A funding aims to tackle a longstanding challenge for IT and security teams: finding - and keeping up-to-date - all of an organization's online devices and assets, including cloud-native services and connections. JupiterOne joins the ranks of the emerging and maturing IT and security asset management sector. READ MORE...

Exploits/Vulnerabilities

Google Cloud Buckets Exposed in Rampant Misconfiguration

A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows. Six percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents. In a survey of 2,064 Google Cloud buckets by Comparitech, 131 of them were found to be vulnerable to unauthorized access by users who could list, download and/or upload files. Among the exposed data that the firm uncovered were 6,000 scanned documents. READ MORE...


Samba Issues Patches for Zerologon Vulnerability

The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Also referred to as Zerologon and tracked as CVE-2020-1472, the security issue was addressed on August 2020 Patch Tuesday and can be triggered when an adversary connects to a domain controller using a vulnerable Netlogon secure channel connection. An attacker can leverage a specially crafted application on a device connected to the network to exploit the vulnerability. READ MORE...


Vulnerability Disclosure Programs See Signups & Payouts Surge

More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million. Security researchers have been busy over the past year, earning more than $44.75 million in bounties for vulnerability disclosure. More organizations are adopting vulnerability disclosure programs (VDPs), experts say, and they're paying hackers more for the critical flaws they find. HackerOne today published its fourth annual Hacker Powered Security Report. READ MORE...

Science & Culture

Lenovo begins selling OEM Ubuntu PCs to the general public

Beginning today, Lenovo is offering a greatly expanded selection of OEM Linux PCs to the general public. Earlier this year, Lenovo began offering Fedora Linux pre-installed on laptop systems including Thinkpad P1 Gen 2, Thinkpad P54, and Thinkpad X1 Gen 8. Today's announcement makes Ubuntu Linux available on a considerably broader swath of both desktop and laptop PCs. The devices themselves, and their Ubuntu certifications, aren't new, but the public accessibility is. READ MORE...