IT Security Newsletter - 10/30/2020
Home Depot Confirms Data Breach in Order Confirmation SNAFU
Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information. Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue. READ MORE...
University Email Hijacking Attacks Push Phishing, Malware
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware. READ MORE...
NVIDIA Patches AMI BMC Vulnerabilities Impacting Several Major Vendors
NVIDIA on Wednesday released patches to address a total of nine vulnerabilities impacting NVIDIA DGX servers. NVIDIA's DGX systems are designed for enterprise AI applications. All of the bugs were found in the AMI Baseboard Management Controller (BMC) firmware running on the affected devices. This means the vulnerabilities are not specific to NVIDIA and they impact the products of several other vendors as well. The vulnerabilities were reported to NVIDIA by members of the SCADA StrangeLove project. READ MORE...
Buer Loader "malware-as-a-service" joins Emotet for ransomware delivery
If you've followed the inglorious history of malware in recent years, you'll almost certainly have heard the name Emotet. That's a long-lived and extensive family of malware that we've had the unfortunate necessity to warn you about on many occasions, Emotet is what's known as a bot or zombie - malware that regularly and quietly calls home to one or more C&C servers operated by the crooks. (C&C and its synonym C2 are short for Command-and-Control.) Zombies of this sort generally upload details of each system that they successfully infect. READ MORE...
How to plan a password security project
Sponsored Weak password security is a torment that afflicts networks in so many ways. On the user side is the certainty of hopeless and reused passwords, while on the attacker's side are a gamut of techniques for targeting them such as phishing, credential stuffing, brute forcing, and spotting backdoors to hidden applications such as RDP, SSH, and shadow IT. Formulating a credible plan to cope with all this is a big job. Overhauling an organisation's password security design requires investment. READ MORE...
Cybercriminals Aim BEC Attacks at Education Industry
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic. K-12 schools and colleges are more than twice as likely to get hit with a business email compromise (BEC) than companies outside of the education industry, new research has found. According to Barracuda Networks, BECs accounted for 28% of all spear-phishing attacks aimed at educational institutions, while for all other verticals it was 11%. READ MORE...
On Friday the US starts Ender's hacking game: All local teens can compete for scholarships in cybersecurity
CyberStart America challenge aims to find talented network defenders. Starting on Friday, US high school students can register to participate in CyberStart America, an online puzzle-solving game designed to identify cybersecurity talent and qualify participants for an opportunity to compete in the National Cyber Scholarship Competition next year. The 700-800 top scorers in the national competition will receive scholarships of about $2,500 from a $2m scholarship fund. READ MORE...
- ...in 1838, Oberlin Collegiate Institute in Lorain County, Ohio becomes the first college in the U.S. to admit female students.
- ...in 1938, H.G. Wells' War of the Worlds is broadcast over the radio by Orson Welles' Mercury Theatre.
- ...in 1961, The USSR detonates "Tsar Bomba," a 50-megaton hydrogen bomb; it is still the largest explosive device of any kind over detonated.
- ...in 1991, BET Holdings Inc., becomes the first African-American owned company listed on the New York Stock Exchange.