IT Security Newsletter

IT Security Newsletter 10/22/2020

Written by Cadre | Thu, Oct 22, 2020

Sopra Steria hit by cyber attack. IT services group suspected of falling victim to ransomware

European IT services group Sopra Steria has been hit by a cyber attack. Which would be unfortunate for any business at the best of times, but is possibly even more galling for a firm like Sopra Steria which has a specialist cybersecurity branch which claims to help customers "protect sensitive information, and prevent costly data breaches." Naturally Sopra Steria's corporate clients, some of whom rely upon the firm to operate their core business processes and IT systems, will be concerned and will have plenty of questions regarding the nature of the attack. READ MORE...

Justice Department official accuses China of acting as 'safe haven' for cybercriminals

China is increasingly tolerant of criminal hackers on its soil if they are willing to hack on behalf of the Chinese government, a senior U.S. Justice Department official has alleged. Recent U.S. indictments of accused Chinese hackers indicate that the country "has become a safe haven for cybercriminals as long as they're also doing work on behalf of the state," John Demers, the assistant attorney general for national security, alleged in an interview for CyberTalks. READ MORE...

Data protection predictions for 2021

2020 presented us with many surprises, but the world of data privacy somewhat bucked the trend. Many industry verticals suffered losses, uncertainty and closures, but the protection of individuals and their information continued to truck on. After many websites simply blocked access unless you accepted their cookies (now deemed unlawful), we received clarity on cookies from the European Data Protection Board (EDPB). With the ending of Privacy Shield, we witnessed the cessation of a legal basis for cross border data transfers. READ MORE...

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a user attempts to log into a Loginizer-protected website with a carefully-crafted username. READ MORE...

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they've also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from certain sites, typically via malvertising chains from adult portals or sites that offer pirated content. There's a slightly different campaign that we've been tracking for several weeks. READ MORE...

QNAP Issues Advisory on Zerologon Vulnerability

Storage solutions provider QNAP this week published an advisory to warn customers that certain versions of QTS, the operating system for its network-attached storage (NAS) devices, are affected by the Zerologon vulnerability. Residing in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and addressed on August 2020 Patch Tuesday, the flaw started gaining attention after CISA on September 18 issued an Emergency Directive requiring federal agencies to install the available patches within three days. READ MORE...

DOJ efforts to weaken encryption place national security at risk, congressman says

Rep. Ro Khanna has one message for politicians who continue to suggest technology companies should give law enforcement agencies access to encrypted data: This is a power grab. The U.S. Department of Justice has long called for technology firms to create software that would allow law enforcement agencies to investigate suspects who use encryption to hide illegal behavior. For Khanna, a California Democrat, the tradeoff is too dangerous. Legislation that enables law enforcement to crack strong security measures. READ MORE...

Time for a mobile privacy reset?

If you've updated your Apple phone or your Android to the latest version - iOS 14 and Android 11 respectively - you may have noticed that they come with enhanced privacy controls. These new versions allow you to more easily check, and change, the personal information and phone features that individual apps can access. So how about taking this opportunity to give your personal and work phones a mobile privacy health check? Even if you're running earlier OS versions - or don't have a smartphone at all! READ MORE...

  • ...in 1797, The first parachute jump is made by AndrÉ-Jacques Garnerin from a hydrogen balloon 3,200 feet above Paris.
  • ...in 1907, Ringling Brothers buys Barnum & Bailey.
  • ...in 1914, Congress enacted the first income tax.
  • ...in 1962, President Kennedy tells Americans about the Cuban Missile Crisis and announces the blockade of Cuba.