IT Security Newsletter - 11/15/2021
Hoax Email Blast Abused Poor Coding in FBI Website
The Federal Bureau of Investigation (FBI) confirmed today that its fbi[.]gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
HPE Says Customer Data Compromised in Aruba Data Breach
Hewlett Packard Enterprise (HPE) has confirmed that a small amount of customer data was compromised in a data breach involving its subsidiary Aruba Networks. The incident, HPE says, was discovered on November 2, and involved the use of an access key to gain unauthorized access to "a limited subset of information held in the Aruba Central cloud environment."
Costco Confirms: A Data Skimmer's Been Ripping Off Customers
Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently. Some customers have been aware for weeks that something was fishy and have been sharing their suspicions on social media. The story was first picked up by BleepingComputer, which reported that the notification letters went out sometime this month.
New Microsoft emergency updates fix Windows Server auth issues
Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server. On impacted systems, end-users cannot sign into services or applications using Single Sign-On (SSO) in Active Directory on-premises or hybrid Azure Active Directory environments.
Zoom Patches High-Risk Flaws in Meeting Connector, Keybase Client
Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks. The company released multiple security bulletins to warn of the risks and called special attention to a pair of "high-risk" bugs affecting its on-prem meeting connector software and the popular Keybase Client.
IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers
Researchers have shown that a widely used protocol named Data Distribution Service (DDS) is affected by vulnerabilities that could be exploited by threat actors for various purposes. Maintained by the standards development organization Object Management Group (OMG), DDS is a middleware protocol and API standard for data connectivity that is advertised as ideal for business-critical IoT systems. DDS has been used in various sectors including public transportation, aerospace, and military systems.
10,000+ websites and apps are vulnerable to Magecart
Some of the world's largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500, Global 500 and governments, are failing to prevent Magecart attacks, Cyberpion research revealed. Magecart is the common name for a style of cyber attack in which hackers compromise third-party code (typically JavaScript that runs in browsers) to steal, or scrape, information such as credit card data from web applications or websites that incorporate the code.
Why the chip shortage drags on and on… and on
The semiconductor industry lives at the cutting edge of technological progress. So why can't it churn out enough chips to keep the world moving? Nearly two years into pandemic-caused disruptions, a severe shortage of computer chips (the components at the heart of smartphones, laptops, and innumerable other products) continues to affect manufacturers across the global economy.
- ...in 1916, "Peanuts" animator Jose "Bill" Melendez, who also voiced Snoopy and Woodstock, is born in Sonora, Mexico.
- ...in 1926, the NBC radio network opens across 24 stations nationwide.
- ...in 1929, actor Ed Asner ("The Mary Tyler Moore Show", "Elf") is born in Kansas City, MO.
- ...in 1971, Intel releases the first commercially available single-chip microprocessor, the 4004.