IT Security Newsletter - 11/23/2021
Up to 1.2 million GoDaddy customers' data exposed in breach
Data connected with up to 1.2 million GoDaddy customers may have been accessed by an unauthorized party, the company reported to the U.S. Securities and Exchange Commission Monday. GoDaddy, a behemoth in the commercial web hosting and domain registrar space, reported that it discovered the apparent intrusion on Nov. 17, and that the improper access dated back to Sept. 6. READ MORE...
Wind turbine giant Vestas says data was compromised in security incident
One of the world's largest wind turbine manufacturers, Vestas Wind Systems, says it's contending with a cyberattack that forced the firm to shut down some of its IT systems. The Danish company said Monday that it's investigating the security incident, discovered Nov. 19, and mitigating the impact. Vestas has "together with external partners worked around the clock to contain the situation and re-establish the integrity of its IT systems," it said in a statement. READ MORE...
On the trail of Russia's $100 million Evil Corp hacking gang
Joe Tidy, technology reporter at BBC News, rather bravely did something that many other journalists would probably balk at doing. He decided he wanted to talk to Russian hackers face-to-face, on their home turf, and ask them their side of the story. The BBC journalist was interested in hunting down men such as Maksim Yakubets and 40-year-old Igor Turashev, both alleged members of Evil Corp and described by the US authorities as leading "one of the most sophisticated transnational cybercrime syndicates in the world." READ MORE...
Arrest in 'Ransom Your Employer' Email Scheme
In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme - a young man who said he was trying to save up money to help fund a new social network. READ MORE...
Researchers Hack Conti Ransomware Infrastructure
Prodaft security researchers exploited a vulnerability in the recovery servers used by the Conti Ransomware-as-a-Service (RaaS), which allowed them to gain insight into the inner workings of the ransomware. The flaw also allowed the researchers to identify the real IP addresses of the hidden service hosting the recovery website, including 20 IPs communicating with the Conti servers, and two Tor entry nodes used for the recovery service, all of which were reported to the authorities. READ MORE...
How to defend your website against card skimmers
Black Friday and the holiday season are approaching, and shoppers are forecast to spend record amounts again this year. Retail websites big and small can expect a lot of interest from shoppers looking for deals, and a lot of interest from cybercriminals looking to cash in on those shoppers, by stealing their credit card details with stealthy card skimmers. READ MORE...
New Windows zero-day with public exploit lets you become an admin
A security researcher has publicly disclosed an exploit for a new Windows zero-day local privilege elevation vulnerability that gives admin privileges in Windows 10, Windows 11, and Windows Server. BleepingComputer has tested the exploit and used it to open a command prompt with SYSTEM privileges from an account with only low-level 'Standard' privileges. READ MORE...
Philips Working on Patches for Vulnerabilities Found in Medical Products
Philips is working on patches for several vulnerabilities discovered by researchers in some of the company's medical products. The flaws were identified by researchers at industrial cybersecurity firm Nozomi Networks in Philips IntelliBridge, Patient Information Center iX (PIC iX), and Efficia CM series products. Advisories for the vulnerabilities were published last week by Philips and the U.S. Cybersecurity and Infrastructure Security Agency (CISA). READ MORE...
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security. According to researchers at Cisco Talos, the bug (CVE-2021-21956) specifically resides in the Ai-Bolit scanning functionality of Imunify360. READ MORE...
Cryptographers are not happy with how you're using the word 'crypto'
The stadium that is home to the Los Angeles Lakers is getting a new name: the Crypto[.]com Arena. The name reflects the arena's new sponsorship agreement with a Singapore-based cryptocurrency trading platform. That may be good news for cryptocurrency fanatics - but perhaps not so much for another faction within the digital landscape: cryptographers. Look up the word "crypto", and you'll see it refers to cryptography, which in turn is defined as "the computerized encoding and decoding of information". READ MORE...
- ...in 1887, "Frankenstein" actor Boris Karloff (born William Henry Pratt) is born in London, England.
- ...in 1888, film comedian, musician, and Algonquin Round Table regular Arthur "Harpo" Marx is born in New York City.
- ...in 1936, the first issue of Life Magazine is published.
- ...in 1963, the BBC broadcasts the very first episode of "Doctor Who", which holds the record for longest-running science fiction TV series.