<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 11/10/2020

Breaches

Microsoft Exchange Attack Exposes New xHunt Backdoors

Two never-before-seen Powershell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait. The activity is tied back to the known xHunt threat group, which was first discovered in 2018 and has previously launched an array of attacks targeting the Kuwait government, as well as shipping and transportation organizations. READ MORE...

Hacking

Laptop maker Compal hit by ransomware, $17 million demanded

Taiwanese laptop maker Compal Electronics suffered a DoppelPaymer ransomware attack over the weekend, with the attackers demanding an almost $17 million ransom. Compal is the second-largest original design manufacturer (ODM) of laptops globally, with well-known companies rebranding their devices or designs, including Apple, HP, Dell, Lenovo, and Acer. Over the weekend, Taiwanese media reported that Compal suffered a cyberattack, but the laptop maker claimed it was just an "abnormality" in their office automation system. READ MORE...


Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments

A cyberattack at the University of Vermont Health Network has forced one of the network's hospitals to delay chemotherapy and mammogram appointments, making it the latest example of how cybercriminals can impact patient care. The disruption of computer systems at the health network, which comprises six hospitals and more than 1,000 physicians, began the week of Oct. 25, the organization said. he attack made some of the data used to process appointments for cancer patients temporarily unavailable. READ MORE...

Trends

New Slipstream NAT bypass attacks to be blocked by browsers

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices. The attack method, dubbed NAT Slipstreaming, was discovered by security researcher Samy Kamkar and it requires the victims to visit the threat actor's malicious website (or a site with maliciously crafted ads). To expose hosted services, the attack abuses certain NAT devices scanning port 5060. READ MORE...

Information Security

FTC Announces Consent Agreement With Zoom

Zoom has reached a settlement with the Federal Trade Commission (FTC), admitting to inaccurate and misleading claims of encryption for calls and promising to engage in a number of activities intended to ensure that similar issues don't recur. According to the FTC's settlement announcement, Zoom had promised "end to end 256-bit encryption" of Zoom calls since 2016 but only delivered a lesser level of security until October of this year. The greater security was only offered to all users after Zoom backtracked. READ MORE...


Former Microsoft Worker Gets 9 Years in $10M Fraud Scheme

A former Microsoft worker was sentenced Monday to nine years in prison for a scheme to steal $10 million in digital currency - money authorities said he used to buy a $160,000 car and a lakefront home. Volodymyr Kvashuk, a 26-year-old Ukrainian citizen living in Renton, Washngton, was responsible for helping test Microsoft's online retail sales platform. Prosecutors said he stole digital currency such as gift cards or codes that could be redeemed for Microsoft products or gaming subscriptions. READ MORE...

Exploits/Vulnerabilities

Millions of hotel guests worldwide have their private details exposed

A sloppy lack of security by a hotel reservation platform has left highly sensitive information about millions of people worldwide exposed. Security experts working for Website Planet uncovered a misconfigured AWS S3 bucket containing over 10 million files, containing information about hotel guests dating as far back as 2013. The finger of blame is pointing at Spanish firm Prestige Software, which sells a platform called Cloud Hospitality that helps hotels manage online booking sites. READ MORE...

Science & Culture

EU Agrees on Tighter Rules for Surveillance Tech Exports

The European Union on Monday agreed to tighten up rules for the sale and export of cybersurveillance technology. EU lawmakers and the European Council reached a provisional deal to update controls of so-called dual use goods such as facial recognition technology and spyware to prevent them from being used to violate human rights. Under the new rules, European companies will have to apply for government licenses to export certain products. READ MORE...

On This Date

  • ...in 1891, Carl Stalling, the composer and arranger for hundreds of "Looney Tunes" and "Merrie Melodies" cartoons, is born in Lexington, MO.
  • ...in 1928, Italian film composer Ennio Morricone ("A Fistful of Dollars", "Cinema Paradiso") is born in Rome.
  • ...in 1969, "Sesame Street" made its debut on the National Education Television network, the precursor to PBS.
  • ...in 1983, Microsoft introduces Windows 1.0.