<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 10/29/2019

Breaches_ITSEC-1

U.S. Food Chain Alerts Customers of Payment Card Incident

U.S. fast-food restaurant chain Krystal disclosed a security incident involving one of is payment processing systems and affecting some of its restaurants between July and September 2019. Krystal was founded back in 1932, currently has 342 locations in the Southern United States and "is the original quick-service restaurant chain in the South" according to a press release published on Friday.


Data Breach at St. Louis Health Center Impacts up to 152,000

Officials at a St. Louis health center that serves needy, uninsured residents says a cyber-attack has caused a data breach that potentially affected 152,000 people. The Betty Jean Kerr People's Health Center said Friday that the attack involved patient information such as addresses and social security numbers, but no patient medical records. Information on medical providers and health center employees also was breached.


UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity

Despite investing 2.4 billion euros since 2016 to upgrade its cybersecurity profile, Italian banking institution UniCredit has suffered its third recent data breach, this time impacting 3 million customers. The company said in a short data breach announcement on its website that names, telephone numbers, email addresses and cities where clients were registered were exposed via unauthorized access to a file generated in 2015.

Hacking_ITSEC

Microsoft Warns of Cyberattacks Against Anti-Doping Orgs

State-sponsored hackers from Russia have compromised multiple anti-doping and sporting organizations. The cyberattacks targeted at least 16 agencies across the world. Security researchers at Microsoft say that the hacking activity started on September 16. The events preceded news from the World Anti-Doping Agency (WADA) about inconsistencies found in a database from Russia's national anti-doping laboratory.


Cybercriminals Impersonate Russian APT ‘Fancy Bear’ to Launch DDoS Attacks

Cybercriminals posing as the Russian APT group Fancy Bear have been launching DDoS attacks against companies in the financial sector and demanding ransom payments, according to a new report. The large-scale, multi-vector DDoS attacks come with accompanying ransom letter. They started about a week ago against financial companies mainly located in Singapore, South Africa, and some Scandinavian countries, according to the report, which also published a copy of the ransom letter.

Trends_ITSEC

Is Voting by Mobile App a Better Security Option or Just 'A Bad Idea'?

Paper ballots and risk-limiting audits — the manual sampling of votes — have become the new best practices for protecting US elections in the aftermath of Russia's election meddling and hacking of voter registration databases during the 2016 presidential campaign. Adding a paper trail to electronic voting to ensure ballots get accurately counted in the digital age may seem, well, a bit counterintuitive.

Exploits_ITSEC

How a months-old AMD microcode bug destroyed my weekend

This weekend, I was excited to deploy my first Ryzen 3000-powered workstation in my home office. Unfortunately, a microcode bug—originally discovered in July but still floating around in large numbers in the wild—wrecked my good time. I eventually got my Ryzen 3700X system working, and it's definitely fast. But unfortunately, it's still bugged, and there's no easy way to fix it.