
IT Security Newsletter - 11/1/2019


Breaches

Marriott Reports Exposure of Associates' Social Security Numbers

Marriott International notified some of its associates of an incident that exposed their social security numbers (SSNs) to an unknown party. An unknown individual may have accessed the information from the network of an unnamed vendor that was acting as the hotel's agent for receiving service of official documents. Marriott learned on September 4 that someone accessed sensitive information available in official papers, like subpoenas and court documents, present on the systems of an outside vendor, formerly used by Marriott.

Hacking

Hackers plead guilty to breach that Uber covered up

Remember when Uber was hacked but paid the hackers $100,000 in hush money to delete the data and zip their lips about it? The two guys who did the hack, they’re going down. Brandon Charles Glover, 26, of Florida, and Vasile Mereacre, 23, of Toronto, each pleaded guilty on Wednesday in a San Jose courthouse in California to one charge of conspiracy to commit extortion involving computers. With the guilty pleas, Uber’s elaborate coverup has been dragged back into the limelight.


Utah renewables company was hit by rare cyberattack in March

A Utah-based renewable energy company was the victim of a rare cyberattack that temporarily disrupted communications with several solar and wind installations in March, according to documents obtained under the Freedom of Information Act. The attack left operators at the company, sPower, unable to communicate with a dozen generation sites for five-minute intervals over the course of several hours on March 5. Each generation site experienced just one communication outage.

Malware

China-Linked Hackers Spy on Texts With MessageTap Malware

Researchers have discovered a new malware used for cyber-espionage efforts by China-linked threat group APT41. The malware intercepts telecom SMS server traffic and sniffs out certain phone numbers and SMS messages – particularly those with keywords relating to Chinese political dissidents. The espionage tool, dubbed MessageTap, was discovered by FireEye Mandiant during a 2019 investigation of a cluster of Linux servers within an unspecified telecom network.


Android Keyboard App Could Swindle 40M Users Out of Millions

Researchers are warning users to delete a popular Android keyboard app that, once downloaded, makes unauthorized purchases of premium digital content. Google told Threatpost it has removed the app from its Google Play marketplace – but researchers say it was downloaded on at least 40 million phones worldwide and thus remains a threat. The app, Ai.type, allows users to personalize their keyboard with various fonts and emojis and was developed by Israeli firm Ai.type Ltd.

Exploits

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer. “Untitled Goose Game”, which allows players to take control of a truly horrendous goose terrorising an unsuspecting village, is considered by some to be one of the year’s most fun indie video games and is available for Windows, MacOS and Nintendo Switch.

Software

Chrome Zero-Day Bug with Exploit in the Wild Gets A Patch

Google on Thursday night started to roll out an update for Chrome that patches two use-after-free vulnerabilities, one of them having at least one exploit in the wild. Both security issues are serious as they could be leveraged to take control of a vulnerable system, reads an alert from the Cybersecurity and Infrastructure Security Agency (CISA). Google says it is aware that one of the flaws has an exploit in the wild. This bug received the tracking number CVE-2019-13720 and is in the audio component of the web browser.