<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/31/2019



Krebs on Security: Breaches at NetworkSolutions, Register.com, and Web.com

Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. The Jacksonville, Fla.-based Web.com said the information exposed includes “contact details such as name, address, phone numbers, email address and information about the services that we offer to a given account holder.”

Bed Bath & Beyond Discloses Customer Login Credentials Breach

In a report for the Securities and Exchange Commission (SEC) on Tuesday, Bed Bath & Beyond retailer disclosed that an unauthorized party obtained login information for some of its customers. Details about the breach are scarce but the company says that it affected a small number of online accounts. According to the SEC filing, email and password information was accessed from a source outside the company's systems.


Fraudster Admits Role In Theft of Millions From Thousands of Army Members

Fredrick Brown, a former U.S. Army civilian medical records administrator, admitted on Tuesday to taking part in a fraud scheme that victimized thousands and allowed the fraudsters to steal millions mostly from elderly and disabled veterans. The 38-year old man from Las Vegas, Nevada, pleaded guilty to one count of conspiracy to commit wire fraud and a separate count of conspiracy to launder monetary instruments.

Office 365 users targeted with fake voicemail alerts in suspected whaling campaign

Office 365 users at high-profile companies in a wide variety of industries are being targeted with voicemail-themed phishing emails, McAfee researchers have found. They say that a wide range of employees have been targeted, from middle management to executive level staff, and that these emails could be part of a “whaling” campaign. The malicious emails take the form of (fake) Microsoft-branded notifications telling recipients of a missed call.


DeepFakes: When seeing isn’t believing

Deepfakes are rapidly becoming easier and quicker to create and they’re opening a door into a new form of cybercrime. Although the fake videos are still mostly seen as relatively harmful or even humorous, this craze could take a more sinister turn in the future and be at the heart of political scandals, cybercrime, or even unimaginable scenarios involving fake videos – and not just targeting public figures.


Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant

A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide. The newly-discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine developed by Valve Corp. that runs popular games such as ​Half-Life and ​Team Fortress 2. Other gaming servers have also been targeted by the botnet, such as those hosting widely-played games such as Fortnite, researchers warn.