<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 10/16/2020

Breaches

Joker's Stash, one of the most notorious web forums for stolen credit card data, has claimed a new scalp.

Joker's Stash, one of the most notorious web forums for stolen credit card data, has claimed a new scalp. Sellers on the site this week claimed to be offering 3 million payment card numbers used at Dickey's Barbecue Pit, a U.S. fast-food chain, researchers at intelligence firm Gemini Advisory said Thursday. More than 100 of the barbecue joint's locations were affected by the breach, and the data is being sold for a median price of $17 per card, according to the research. READ MORE...

Hacking

Crytek hit by Egregor ransomware, Ubisoft data leaked

This week, the Egregor ransomware game posted archives containing unencrypted files, stating that they were stolen from Ubisoft and Crytek in unrelated attacks. While it has not been confirmed if the attack against Ubisoft is legitimate, BleepingComputer has confirmed that Crytek suffered a ransomware attack. Crytek hit by confirmed ransomware attack. This week, sources told BleepingComputer that Crytek had suffered an attack at the hands of the Egregor ransomware operators. READ MORE...


Hackers Target Puerto Rico Firefighting Department Servers

Puerto Rico's firefighting department said Wednesday that its database was hacked by unknown people demanding $600,000 in an act of alleged extortion. The department's director, Alberto Cruz, said in a statement the situation has not affected its ability to respond to emergencies. Police said the department received an email notifying it that hackers had encrypted its servers and wouldn't release them until they got paid. The department contacted police and have not paid the money, officials said. READ MORE...


Former Roommate of Accused Capital One Hacker Sentenced

The former roommate of a woman accused of hacking Capital One banking company and at least 30 other organizations has been sentenced to four years in prison for illegally possessing firearms, according to federal prosecutors. Park Quan, 67, was sentenced Wednesday in U.S. District Court in Seattle after pleading guilty to being a felon in possession of guns, according to U.S. Attorney Brian Moran. Quan has been in custody since his arrest and plea in June. In imposing the four-year sentence. READ MORE...

Trends

Early Stage Investment in Cybersecurity Shows Signs of Stabilization

Early stage venture investment in cybersecurity has apparently started to stabilize in the third quarter of 2020, according to Washington, D.C.-based cybersecurity venture capital firm and incubator DataTribe. A report published by DataTribe in March revealed that the number of early stage investments in cyber had declined in the first two months of 2020 compared to the same period of the previous year, but noted that the drop was likely not caused by the COVID-19 pandemic. READ MORE...

Malware

QQAAZZ group charged for laundering money stolen by malware gangs

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. Law enforcement estimations say that QQAAZZ laundered, or at least attempted to launder, tens of millions stolen from cybercrime victims starting with 2016. "QQAAZZ advertised its services as a 'global, complicit bank drops service' on Russian-speaking [...]" READ MORE...


Thousands of infected IoT devices used in for-profit anonymity service

Some 9,000 devices-mostly running Android, but also the Linux and Darwin operating Systems-have been corralled into the Interplanetary Storm, the name given to a botnet whose chief purpose is creating a for-profit proxy service, likely for anonymous Internet use. The finding is based on several pieces of evidence collected by researchers from security provider Bitdefender. The core piece of evidence is a series of six specialized nodes that are part of the management infrastructure. READ MORE...

Exploits/Vulnerabilities

Critical SonicWall vulnerability affects 800K firewalls, patch now

A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. Tracked as CVE-2020-5135, the vulnerability impacts multiple versions of SonicOS ran by hundreds of thousands of active VPNs. Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT) and Nikita Abramov of Positive Technologies have been credited with discovering and reporting the vulnerability. READ MORE...


British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks

Airline was saving domain admin creds and card details alike in plaintext. British Airways is to pay a £20m data protection fine after its 2018 Magecart hack - even though the Information Commissioner's Office discovered the airline had been saving credit card details in plain text since 2015. The fine, announced this morning by the UK's data watchdog, is almost exactly at the reduced £19.8m level that BA parent company the International Airlines Group had expected back in August. READ MORE...

Encryption

US Department of Justice reignites the Battle to Break Encryption

The US Department of Justice (DOJ), together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Last weekend, the DOJ put out a press release co-signed by the governments of the UK, Australia, New Zealand, Canada, India and Japan, entitled International Statement: End-To-End Encryption and Public Safety. You might not have seen the press release (it was put out on Sunday, an unusual day for news releases in the West). READ MORE...

On This Date

  • ...in 1758, lexicographer and author Noah Webster, Jr., whose work was the basis for the modern Merriam-Webster English dictionary, is born in Hartford, CT.
  • ...in 1793, deposed Queen Consort Marie Antoinette of France is executed by guillotine at the height of the French Revolution.
  • ...in 1923, The Walt Disney Company is founded by brothers Walt and Roy Disney.
  • ...in 1950, C.S. Lewis publishes "The Lion, the Witch, and the Wardrobe", the first book written in his "Chronicles of Narnia" series.