
IT Security Newsletter


IT Security Newsletter - 11/5/2019


Japanese media giant Nikkei says $29 million lost in BEC scam

Scammers fleeced the publishing conglomerate Nikkei out of $29 million by impersonating an executive at the international firm. Nikkei America, the U.S. subsidiary of the Japanese company, said on Oct. 30 that one of its employees transferred the funds, equivalent to roughly 3.2 billion Japanese yen, “based on fraudulent instructions by a malicious third party” posing as a corporate boss. It’s the latest high-profile business email compromise attack carried out by fraudsters who exploit employees’ inherent trust in other people in their organization.

Eye Clinic Breach Reveals Data of 20,000 Patients

A Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal. The breach at the Utah Valley Eye Center in Provo, Utah, that exposed patient emails once again highlights third-party risk in terms of data security. It also sheds light on the added requirements of medical providers under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when data breaches occur.


Brooklyn Hospital Loses Patient Data In Ransomware Attack

A ransomware attack hitting several computer systems at the Brooklyn Hospital Center in New York caused permanent loss of some patients' data. The hospital tried to recover the data but all efforts were in vain. This indicates that a ransom for decrypting the files was not paid. The attack occurred in late July but the hospital acknowledged it publicly only last week, following what the institution calls "an exhaustive investigation," and after undertaking "diligent remediation efforts."


Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam

Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access to the victim’s device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the design of smart assistants’ MEMS microphones. In addition to sound, researchers found that MEMS microphones also react to light being aimed directly at them.


Actively exploited bug in fully updated Firefox is sending users into a tizzy

Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message, which appears without any user interaction upon visiting a site, reads: "Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal."

PSA: Turning off silent macros in Office for Mac leaves users wide open to silent macro attacks

A security hole in Office for Mac can be exploited by miscreants to potentially run malicious code on victims' shiny computers without anyone noticing. The CERT Coordination Center at Carnegie Mellon University, on the US East Coast, warns the bug arises when folks activate the "disable all macros without notification" option in Office for Mac. This itself is a good security move, in that it's supposed to block code embedded in documents from running without first asking the user for approval.