IT Security Newsletter - 10/15/2019
Pitney Bowes Hit with Ransomware Attack
Shipping services company Pitney Bowes was hit with a ransomware attack that disrupted customer access to key services, the company said Monday. The attack comes on the heels of an FBI advisory on Oct. 2 that U.S. companies should be on alert for ransomware attacks, which are increasing in sophistication. A malware attack encrypted information on some systems but did not seem to access any customer or employee data, the company said in a statement on its website.
A Deepfake Deep Dive into the Murky World of Digital Imitation
About a year ago, top deepfake artist Hao Li came to a disturbing realization: Deepfakes, i.e. the technique of human-image synthesis based on artificial intelligence (AI) to create fake content, is rapidly evolving. In fact, Li believes that in as soon as six months, deepfake videos will be completely undetectable. And that’s spurring security and privacy concerns as the AI behind the technology becomes commercialized – and gets in the hands of malicious actors.
Krebs on Security: “BriansClub” Hack Rescues 26M Stolen Cards
“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.
Samsung Galaxy S10 Fingerprint Reader Defeated by Silicon Case
A couple in the UK experienced a weird bug on their Samsung Galaxy S10 that allows bypassing the fingerprint reader to unlock the phone regardless of the biometric data registered in the device. Endeavors in the past tricked biometric protection in phones from multiple brands. Hackers were able to recreate a fingerprint from high-resolution photos and transfer them onto a thin film. Lisa and Wes Neilson's experience, though, is different and does not involve any technology, just a cheap silicon case.
Linux SUDO Bug Lets You Run Commands as Root, Most Installs Unaffected
A vulnerability in the Linux sudo command has been discovered that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. Before we get to the vulnerability it is important to have some background information on how the sudo command works and how it can be configured.