IT Security Newsletter

IT Security Newsletter - 1/3/2020

Written by Cadre | Fri, Jan 3, 2020

Data Breach Affects 63 Landry’s Restaurants

Dining giant Landry’s disclosed a data breach on Thursday, warning that malware had infected its order-entry systems to steal customers’ payment card information. Landry’s, which owns over 600 popular American restaurants across 35 states, such as Del Frisco’s Grill, McCormick & Schmick’s, Rainforest Café and more, said that 63 of these restaurants were impacted by malware that targeted customers’ payment card data (a full list of impacted restaurants is available here).

Maze Ransomware Sued for Publishing Victim's Stolen Data

The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing its network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. The company suing Maze is Southwire, a leading wire and cable manufacturer from Carrollton, Georgia, which was attacked in December 2019. As part of this attack, the ransomware allegedly stole 120GB of data and encrypted 878 devices.

Starbucks Devs Leave API Key in GitHub Public Repo

One misstep by developers at Starbucks exposed an API key that an attacker could use to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as the key allowed access to a Starbucks JumpCloud API. JumpCloud is an Active Directory management platform billed as an Azure AD alternative. It provides user management, web app single sign-on (SSO) access control, and Lightweight Directory Access Protocol (LDAP) service.

Remote Command Execution Vulnerability Affects Many D-Link Routers

Proof-of-concept (PoC) exploits were recently made public by researchers for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. Miguel Méndez Zúñiga and Pablo Pollanco of Telefónica Chile recently disclosed the details of the vulnerabilities in a couple of blog posts published on Medium. In addition to technical details and PoC code, they have posted videos showing how each of the flaws can be exploited.

Critical Vulnerabilities Impact Ruckus Wi-Fi Routers

Multiple critical vulnerabilities in Ruckus Wi-Fi routers used throughout the world were disclosed at the 36th Chaos Communication Congress (CCC) in Leipzig, Germany, held from December 27-30, 2019. Ruckus offers high-end wireless networking gear that provides mesh Wi-Fi (called 'Unleashed') and regular routers to hundreds of thousands of customers. The mesh Wi-Fi is common in conferences (it was used at Black Hat last year), airports, hotels and other large areas that require Wi-Fi access.

U.S. Army bans TikTok amid ongoing scrutiny of Chinese-made video app

The U.S. Army is barring its soldiers from using TikTok, a video-sharing app owned by a company with ties to the Chinese government. Lt. Col. Robin Ochoa, an Army spokeswoman, told Military.com on Dec. 30 the military branch considers TikTok a “cyberthreat” and that personnel may not use the app on government phones. Some 1.3 billion people globally use TikTok to create short videos.

Cisco issues critical security warnings for its Data Center Network Manager

Cisco this week issued software to address multiple critical authentication exposures in its Data Center Network Manager (DCNM) software for its Nexus data center switches. DCNM is a central management dashboard for data-center fabrics based on Cisco Nexus switches and handles a number of core duties such as automation, configuration control, flow policy management and real-time health details for fabric, devices, and network topology.