<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 10/14/2020

Breaches

Norway says Russian hackers were behind August Parliament attack

Norway's Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament (Stortinget). "On 24 August, the Storting announced a data breach in their e-mail systems," Søreide said in a press release published earlier today after a briefing that also included Minister of Defense Frank Bakke-Jensen. "Based on the information base the government possesses, it is our assessment that Russia is behind this activity." READ MORE...

Hacking

Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion

Researchers have pieced together details about a newly-identified, financially-motivated hacking group they say is behind bold, large and long-running malware campaigns. And it's only getting worse: The hackers have expanded their range of targets the past two years while using increasingly aggressive ransomware attacks, according to research published Wednesday by FireEye's threat intelligence unit, Mandiant. The company dubbed the group FIN11, a designation it gives financial crime groups. READ MORE...

Trends

G7 Raises Concerns About Rising Cyberattacks Amid Pandemic

Finance ministers from the G7 industrialized countries expressed "concern" on Tuesday over the rise in "malicious cyber-attacks" in the midst of the Covid-19 pandemic, including some involving cryptocurrencies. These ransomware attacks demanding payments often to facilitate money laundering "have been growing in scale, sophistication, and frequency" over the past two years, causing "significant economic damage and (threatening) customer protection and data privacy," the ministers said. READ MORE...

Software Updates

Windows 10 now blocks some third-party drivers from installing

Microsoft says that Windows 10 and Windows Server users will be blocked from installing incorrectly formatted third-party drivers after deploying this month's cumulative updates. "When installing a third-party driver, you might receive the error, 'Windows can't verify the publisher of this driver software'," Microsoft says. "You might also see the error, 'No signature was present in the subject' when attempting to view the signature properties using Windows Explorer." READ MORE...


Adobe fixes critical security vulnerability in Flash Player

Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe states that hackers could exploit this vulnerability, tracked as CVE-2020-9746, by inserting malicious strings in HTTP responses when users visit a website. When successfully exploited, the vulnerability could lead to a crash that allows the attacker to execute commands on a visitor's computer remotely. READ MORE...

Information Security

US advisory meant to clarify ransomware payments only spotlights widespread uncertainty

If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory - like cybersecurity incident response firms and insurance providers. READ MORE...


Amazon Prime Day-8 tips for safer shopping

Avid Amazon Prime Day shoppers may have been worried they'd missed it this year-thanks coronavirus. Fear not, last month Amazon announced Prime Day will take place three months after its original annual date, beginning today. And this year, it'll take place over two days, rather than one. This could mark the beginning of early "peak season" holiday shopping, which usually happens a week before Thanksgiving. That said, it's time to brush up on our cybersecurity wits so we can shop early, safely. READ MORE...

Exploits/Vulnerabilities

Cyber Warriors Sound Warning on Working From Home

Cyber warriors on NATO's eastern edge are warning that the growing number of people working from home globally due to the pandemic is increasing vulnerability to cyber attacks. The Baltic state of Estonia hosts two cyber facilities for the Western military alliance -- set up following a series of cyber attacks from neighbour Russia more than a decade ago. "Large scale use of remote work has attracted spies, thieves and thugs," Jaak Tarien, head of NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE), told AFP in an interview. READ MORE...


Major gaps in virtual appliance security plague organizations

As evolution to the cloud is accelerated by digital transformation across industries, virtual appliance security has fallen behind, Orca Security reveals. Virtual appliance security: The report illuminated major gaps in virtual appliance security, finding many are being distributed with known, exploitable and fixable vulnerabilities and on outdated or unsupported operating systems. To help move the cloud security industry towards a safer future and reduce risks for customers. READ MORE...


Foxit Patches Code Execution Vulnerabilities in PDF Software

PDF software developer Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS applications. The Chinese software company's tools allow users to create and edit PDF files, as well as secure them when necessary. Foxit also offers products under a freemium licensing model. Last week, the company released security updates for both Foxit PhantomPDF Mac and Foxit Reader Mac, to address a vulnerability that could result in code injection or information disclosure. READ MORE...

Science & Culture

This machine takes office-air CO2 and turns it into fuel

Finnish Soletair Power markets carbon capture as indoor air quality control. At Ars, we get a lot of pitches from start-ups that want to talk about their products. At least for this science reporter, the feeling is rarely mutual. But once in a while, something piques my curiosity. Something like… carbon capture for an office HVAC system. Over a video call, Finnish start-up Soletair Power recently showed off a unit operating in its office. It had been built for the 2020 World Expo in Dubai, but, well, you know what has happened to expos. READ MORE...


Severed cable takes out Virginia voter site on registration deadline

Today is the last day to register to vote in the commonwealth of Virginia, so of course the official website for updating or managing voter registration is offline. Unlike in Florida, however, Virginia's site did not crash from high traffic but instead was rendered inaccessible because a vital fiber connecting the state's digital infrastructure was physically cut. Twitter users began to notice the state's voter registration page was failing to load sometime after 8:30 this morning, and at 9:00. READ MORE...

On This Date

  • ...in 1884, George Eastman receives a patent for his paper-strip photographic film.
  • ...in 1947, Charles "Chuck" Yeager becomes the first pilot to break the sound barrier, flying the experimental Bell X1 rocket plane.
  • ...in 1962, the Cuban Missile Crisis begins when US aerial reconnaissance spies Soviet-made missiles capable of carrying nuclear warheads being installed in western Cuba.
  • ...in 2012, daredevil Felix Baumgartner successfully parachutes from a height of 24 miles, setting multiple world records for both altitude and free-fall velocity.