<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 10/6/2021

Top News

Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication

Google is going to automatically enroll 150 million users and two million YouTube creators into using two-factor authentication for their accounts by the end of the year, it announced on Tuesday. Passwords aren't good enough on their own, Google's AbdelKarim Mardini, group product manager working on Chrome, and Guemmy Kim, director at the Account Security and Safety team, explained on Tuesday. These passphrases are often simple and can be easily guessed, or stolen and shared. READ MORE...

Breaches

Massive Twitch hack: Source code and payment reports leaked

Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard. The leaker shared a torrent link leading to a 120GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories. According to the anonymous 4chan user, the leaked Twitch data contains: The entirety of twitch.tv, with commit history going back to its early beginnings, Mobile, desktop, and video game console Twitch clients, etc. READ MORE...

Software Updates

Apache fixes actively exploited zero-day vulnerability, patch now

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The Apache HTTP Server is an open-source, cross-platform web server that is extremely popular for being versatile, robust, and free. As such, any vulnerability in the product has widespread consequences. READ MORE...

Malware

Atom Silo Uses DLL Side-Loading to Deploy Ransomware

Security researchers have warned of a new ransomware variant leveraging a recently disclosed vulnerability for initial access and going to great lengths to evade detection. Atom Silo is almost identical to the LockFile ransomware spotted spreading earlier this year by exploiting PetitPotam and ProxyShell vulnerabilities in Microsoft products, according to Sophos. The variant exploited a vulnerability in Atlassian's Confluence collaboration software made public just three weeks before the attack. READ MORE...

Exploits/Vulnerabilities

Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS

A distributed control system (DCS) product offered by Honeywell is affected by vulnerabilities that could allow malicious actors to disrupt industrial processes. Researchers at industrial cybersecurity firm Claroty discovered that Honeywell's Experion Process Knowledge System (PKS) is affected by three types of vulnerabilities. Two of them, CVE-2021-38395 and CVE-2021-38397, have been assigned a severity rating of critical. READ MORE...

On This Date

  • ...in 1866, the Reno gang carries out the first robbery of a moving train in the U.S., making off with over $10,000.
  • ...in 1995, Astronomers discover that the star 51 Pegasi has a planet orbiting around it, the first observed solar system outside of our own.
  • ...in 2007, Explorer and author Jason Lewis becomes the first person to complete a human-powered circumnavigation of the globe.
  • ...in 2010, the social media photo-sharing site Instagram is founded.