<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 11/19/2020

Breaches

Cryptocurrency exchange Liquid suffers security breach, user data exposed

Cryptocurrency exchange Liquid has revealed that it was hacked last week, after a malicious attacker managed to seize control of its DNS records, seized control of some internal email accounts, and gained access to the firm's document storage infrastructure. And, as a consequence, personal details of customers may now be in the hands of hackers. In a blog post, Liquid CEO Mike Kayamori explained that last Friday the cryptocurrency exchange's domain name hosting service incorrectly transferred control. READ MORE...

Hacking

REvil ransomware hits Managed.com hosting provider, 500K ransom

Managed web hosting provider Managed.com has taken their servers and web hosting systems offline as they struggle to recover from a weekend REvil ransomware attack. On Monday morning, Managed.com announced that they had suffered an issue affecting the availability of their hosting services and are investigating the matter. As first reported by ZDNet, Managed.com disclosed on Tuesday that they were hit with a ransomware attack and, to protect the "integrity of our customer's data,". READ MORE...


Egregor ransomware bombards victims' printers with ransom notes

The Egregor ransomware uses a novel approach to get a victim's attention after an attack - shoot ransom notes from all available printers. Ransomware gangs know that many businesses would rather hide a ransomware attack than make it public, including to employees, for fear of the news affecting stock prices and their reputation. To increase public awareness of the attack and pressure a victim into paying, the Egregor operation is known to repeatedly print ransom notes. READ MORE...

Malware

Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says

Stolen credit card numbers sometimes spill onto the dark web for the most mundane reason: People carelessly give them up. According to researchers with Gemini Advisory, a China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler approach. The fraudsters set up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web, Gemini says. READ MORE...

Information Security

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

Cybercriminals are recognizing that the data that automotive companies have to offer - from customer and employee personal identifiable information (PII) to financial data - is invaluable. Recently, one attacker installed a keystroke logger on the workstation of a car dealership's finance specialist, to obtain their credentials and access customer credit reports. Another launched a ransomware attack on Toyota Australia, leading to delays in servicing and disruption in the supply of parts. READ MORE...

Exploits/Vulnerabilities

Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors

Halloween may have been last month, but IBM researchers revealed Wednesday that they discovered a way ghosts could haunt Cisco Webex meetings. The vulnerabilities in the video conferencing platform - since the subject of a Cisco patch - would permit uninvited guests to join a meeting without showing up on the participant list, stay in a meeting even after the host expels them and gather information about other attendees without joining. READ MORE...


Bumble bugs could have exposed personal data of all users

Security vulnerabilities in Bumble, one of today's most popular dating apps, could have exposed the personal information of its entire, almost 100 million-strong user-base. The bugs - which affected Bumble's application programming interface (API) and stemmed from the dating service not verifying user requests server-side - was discovered by Sanjana Sarda and her team at Independent Security Evaluators. In addition to finding a way to bypass paying for Bumble Boost. READ MORE...

On This Date

  • ...in 1863, President Lincoln delivers his famous Gettysburg Address.
  • ...in 1959, the Ford Motor Company announces the discontinuation of the notoriously unpopular Edsel.
  • ...in 1969, Brazilian football star Pele scores his 1,000th career goal.
  • ...in 1985 President Ronald Reagan and Premier Mikhail Gorbachev hold their first summit meeting.