IT Security Newsletter - 10/07/2020
Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers
Two months after securing a $33 million funding round from investors, food delivery startup Chowbus is grappling with a breach that observers say exposed personal data on hundreds of thousands of customers. Customers reported receiving an email on Monday from Chowbus containing reams of customer data, including names, phone numbers and mailing and email addresses. The file is said to contain more than 800,000 rows. The incident is a blow for a budding company that had recently attracted funding. READ MORE...
Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated
More than 200 people have died in clashes between ethnic Armenian separatists and Azerbaijani government forces over the breakaway region of Nagorno-Karabakh in the last 10 days. It's the worst outbreak of violence related to Nagorno-Karabakh since Armenia and Azerbaijan, two former Soviet republics, fought a war over the enclave in the 1990s. And this time, hacking has come with the fighting. Unidentified spies have in recent weeks been quietly breaching Azerbaijani government IT networks. READ MORE...
Malware campaigns deliver payloads via obscure paste service
Multiple malware campaigns have been spotted using Pastebin-style services to facilitate their nefarious activities. Instead of delivering payload from a dedicated Command-and-Control (C&C) server, paste sites enable attackers to hide their malicious code in plain sight. This week Juniper Threat Labs have identified malware campaigns relying on legitimate paste services like paste.nrecom.net to host the malicious payload. This service is based on an open-source Pastebin implementation called Strikked. READ MORE...
Cloudflare can now send DDoS alerts for sites are under attack
Cloudflare now allows paid customers to create notifications that warn them when their sites are under a DDoS attack. A distributed denial of service (DDoS) attack is when an attacker floods a web server or an Internet connection with more requests than it can handle. This flooding of requests causes the service to become unavailable, and the company or person experiences an outage. Cloudflare has always offered DDoS protection as one of its core offerings, but unless a site owner or administrator were actively using their site. READ MORE...
Infosec researchers pwned Comcast's voice-activated remote control so it could snoop on household chit-chat
A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it. Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device. Dubbing the attack method WarezTheRemote, researchers explained. READ MORE...
New Research Finds Bugs in Every Anti-Malware Product Tested
Products from every vendor had issues that allowed attackers to elevate privileges on a system -- if they already were on it. A majority of security tools that organizations use to defend against malware attacks are themselves vulnerable to exploits that allow attackers to escalate privileges on a compromised system, a new CyberArk study has found. CyberArk tested products from multiple major security vendors, including Kaspersky, Symantec, Trend Micro, McAfee, and Check Point Software Technologies. READ MORE...
UK, French, Belgian blanket spying systems ruled illegal by Europe's top court
Analysis Mass surveillance programs run by the UK, French and Belgian governments are illegal, Europe's top court has decided in a huge win for privacy advocates. The European Court of Justice (CJEU) announced on Tuesday that legislation passed by all three countries that allows the government to demand traffic and location data from internet and mobile providers in "a general or indiscriminate way" breaks EU data privacy laws - even when national security concerns are invoked. READ MORE...
- ...in 1931, South African archbishop and Nobel Prize-winning anti-apartheid activist Desmond Tutu is born in Klerksdorp, Western Transvaal.
- ...in 1951, singer-songwriter John Mellencamp ("Jack & Diane", "Pink Houses") is born in Seymour, IN.
- ...in 1955, cellist and Presidential Medal of Freedom recipient Yo-Yo Ma is born in Paris, France.
- ...in 1959, the Soviet probe Luna 3 transmits the first-ever photographs of the far side of the Moon.