IT Security Newsletter - 1/6/2020
Travelex still offline after discovering malware on New Year’s Eve
On New Year’s Eve foreign currency exchange service Travelex took its systems offline after it discovered a “software virus” (as opposed, presumably, to a common cold) had compromised some of its systems. The company, which claims to be the world’s largest foreign exchange bureau, is still offline today – as anyone visiting its website can see for themselves.
Cryptocurrency exchange Poloniex issues password reset warning
When is a password breach not a password breach? When is a password warning a hoax? That’s the double-trouble situation that faced cryptocurrency exchange Poloniex this week, following a tweet at the end of last year in which, according to Poloniex: "[S]omeone leaked a list of email addresses and passwords on Twitter, claiming the information could be used to log in to Poloniex accounts."
'Serious' Cyber Attack Hits Austrian Ministry
Austria's foreign ministry has been targeted by a "serious cyber attack", officials said, warning another country could be responsible. The attack, which began Saturday, was continuing on Sunday and "experts say it could last several days," a foreign ministry spokesman told AFP. The interior and foreign ministries issued a statement about the attack which started shortly before 11.00 pm (2200 GMT) on Saturday.
U.S. Government Issues Warning About Possible Iranian Cyberattacks
Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Security Agency, issued a warning about a potential new wave of Iranian cyber-attacks targeting U.S. assets after Maj. Gen. Qassim Suleimani was killed by a U.S. airstrike at the Baghdad airport in Iraq. "Given recent developments, re-upping our statement from the summer," Krebs said in a rare warning on Twitter.
Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
A ransomware attack reportedly caused an Arkansas-based telemarketing company to temporarily suspend its operations, leaving hundreds of employees unsure that they still had jobs days before Christmas. The Heritage Company, a 61-year-old telemarketing firm that works with nonprofit organizations, sent a letter to its more than 300 employees saying it has lost hundreds of thousands of dollars due to the attack.
Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools
The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications. When the Clop Ransomware started circulating in February 2019, it was just your normal garden variety CryptoMix ransomware variant with the same features we have been seeing in this family since 2017.
Cisco Data Center Network Manager flaws fixed, Cisco ASA appliances under attack
Cisco has fixed 12 vulnerabilities in Cisco Data Center Network Manager (DCNM), a platform for managing Cisco switches and fabric extenders that run NX-OS, and has warned about a spike in exploitation attempts of an old flaw affecting Cisco Adaptive Security Appliance (ASA) and Firepower Appliance software.
Google Boots Security Camera Maker From Nest Hub After Private Images Go Public
China-based electronics company Xiaomi said it has fixed a “cache update” issue for its Xiaomi Mijia smart camera after a Reddit user claimed that attempts to view Xiaomi camera footage on his Google Nest Hub instead showed videos of strangers. The issue was first reported by a user on Reddit who owns a Xiaomi Mijia 1080p Smart IP camera.