IT Security Newsletter - 10/3/2019
Zendesk announces data breach impacting years-old accounts
Up to 10,000 Zendesk support and chat accounts may be impacted by a 2016 data breach, the San Francisco-based company announced Wednesday. Zendesk is a customer service software provider that promises to help clients ranging from Spotify to Vimeo via customer chats and data analysis. A third-party alerted the firm to a security incident impacting roughly 10,000 Zendesk support and chat accounts, including expired trial accounts and accounts that are no longer active.
FBI called in to investigate 2018 Mountain State mobile voting system hacking
The state of West Virginia says someone attempted to hack its citizens' votes during the 2018 mid-term elections. A statement issued this week by US Attorney Mike Stuart of the Southern District of West Virginia revealed that the FBI has been called in and is actively investigating at least one attempt to tamper with election results. "My office instituted an investigation to determine the facts and whether any federal laws were violated. The FBI has led that investigation," Stuart said.
FBI Warns U.S. Organizations About High Impact Ransomware
The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations. "Since early 2018, the incidence of broad, indiscriminant ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information," says the FBI.
How Uzbekistan's security service (allegedly) began developing its own malware
For years, Uzbekistan’s feared intelligence service, the National Security Service, has been accused of aggressively spying on citizens and abusing human rights in the Central Asian country under the guise of its counterterrorism and security operations. Now, the NSS’s reported use of hacking tools in that activity is coming into clearer view, thanks to new research.
WhatsApp Flaw Opens Android Devices to Remote Code Execution
A security researcher has identified a flaw in the popular WhatsApp messaging platform on Android devices, which could allow attackers to launch privilege elevation and remote code execution (RCE) attacks on victims. Exploiting the flaw is a rather complicated affair. An attack involves a bad actor sending a malicious GIF file to a victim via “any channel,” whether it’s an email or in a direct message on WhatsApp.