
IT Security Newsletter - 11/25/2020


Breaches

Home Depot to pay states $17.5 million over massive 2014 data breach

U.S. states have reached a settlement over the mammoth 2014 Home Depot breach that will net them $17.5 million, plus an agreement from the home improvement retailer to strengthen its data security practices. The breach, which compromised 56 million payment cards across the U.S., still ranks among the biggest data breaches ever. It's been an expensive cleanup. Years after the attack, Home Depot estimated the cost at about $179 million and said it was likely to continue growing.


Belden Discloses Data Breach Affecting Employee, Business Information

Specialty networking solutions provider Belden on Tuesday disclosed a data breach resulting in the theft of employee and business information. The company said the incident involved "unauthorized access and copying of some current and former employee data, as well as limited company information regarding some business partners." Belden said its employees detected unusual activity on some servers, which third-party forensic experts determined was the result of a "sophisticated attack."

Hacking

Alexa, Disarm the Victim's Home Security System

It's still a mystery to researchers at the University of Michigan and The University of Electro-Communications (Tokyo) - just what physically enabled them to inject commands into the embedded microphones of Amazon Alexa, Google Home, and other digital voice assistant devices via laser pointers. The team in 2019 used light to remotely control Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri by exploiting a vulnerability in their so-called MEMS microphones.

Malware

'Minecraft Mods' Attack More Than 1 Million Android Devices

Scammers are taking advantage of the Minecraft sandbox video game's wild success by developing Google Play apps which appear to be Minecraft modpacks, but instead deliver abusive ads, according to researchers. Since July, Kaspersky researchers have found more than 20 of these apps and determined that they have been downloaded on more than a million Android devices.

Exploits/Vulnerabilities

cPanel 2FA bypass vulnerability can be exploited through brute force

A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found. The vulnerability was patched last week and, by now, web hosting providers have hopefully upgraded their installations. Still, admins of sites that are managed through cPanel should check whether their provider did perform the update (and demand they do it if they haven't).


Baidu Apps Leaked Location Data, Machine Learning Reveals

Two popular apps from Baidu collected data on Android phones and uploaded it to the Internet, potentially allowing the apps to track the user, network security firm Palo Alto Networks stated in an analysis of the apps published on Nov. 24. The Baidu Search Box and Baidu Maps applications, which have more than 6 million downloads from the US Google Play Store, both collected a variety of device identifiers from the phone on which the applications were installed.


Passwords exposed for almost 50,000 vulnerable Fortinet VPNs

A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs. Over the weekend a hacker had posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer. Present on the list of vulnerable targets are IPs belonging to high street banks, telecoms, and government organizations from around the world.

On This Date

  • ...in 1914, New York Yankees great Joe DiMaggio, the owner of a still-unsurpassed 56-game hitting streak, is born in Martinez, CA.
  • ...in 1920, actor Ricardo Montalban, best known as the villain Khan on "Star Trek" and Mr. Roarke on "Fantasy Island", is born in Mexico City.
  • ...in 1952, Agatha Christie's mystery play "The Mousetrap" opens in London's West End. It ran continuously for over 68 years, and is the longest-running play in theatrical history.
  • ...in 1963, President John F. Kennedy is buried at Arlington National Cemetery.