IT Security Newsletter - 12/07/2020
Travel agent leaked customer data by - this is embarrassing - giving it away in a hackathon
Be careful what you wish for when running a hackathon, because one in Australia turned up a data breach in the trove of sample data offered to hackers. And it was probably developers' fault. The event in question was staged by global travel agency outfit The Flight Centre Group, which in March 2017 staged an event called a "design jam" for its Australian operations. The event aimed to "create technological solutions for travel agents to better support customers during the sales process." READ MORE...
Food bank loses nearly $1,000,000 in Business Email Compromise scam
A food bank in Philadelphia has ended up out of pocket after scammers successfully tricked it out of almost one million dollars. As The Philadelphia Inquirer reports, hunger relief group Philabundance - which each year receives tens of millions of dollars in donations - was in the process of completing a $12 million construction project of a new community kitchen when the scammers struck. Posing as a legitimate construction company that was owed money for the building work. READ MORE...
Greater Baltimore Medical Center Hit by Ransomware Attack
The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. While few details have been provided, operator GBMC HealthCare says the incident has impacted information technology systems and forced some procedures scheduled for Monday to be cancelled. "Although many of our systems are down, GBMC HealthCare has robust processes in place to maintain safe and effective patient care." READ MORE...
Iranian Hackers Access Unprotected ICS at Israeli Water Facility
A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system (ICS) at a water facility in Israel. According to industrial cybersecurity firm OTORIO, the hackers accessed a human-machine interface (HMI) system that was directly connected to the internet without any authentication or other type of protection. The target was apparently a reclaimed water reservoir. READ MORE...
Police arrest two in data theft cyberattack on Leonardo defense corp
Italian police have arrested two people allegedly for using malware to steal 10 GB of confidental data and military secrets from defense company Leonardo S.p.A. Leonardo is one of the world's largest defense contractors, with 30% of the company owned by the Italian Ministry of Economy and Finance. As a multi-national company, they are headquartered in Italy but have a large presence in the United Kingdom, the United States, According to Italian media. READ MORE...
MetaMask phishing steals cryptocurrency wallets via Google ads
Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. MetaMask has a community of more than one million users. The site offers an Ethereum cryptocurrency wallet in the browser via a browser extension that lets distributed applications read from the blockchain. When installing the legitimate extension, you can either import an existing wallet or create a new one. READ MORE...
Hiding Malware in Social Media Buttons
This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks. The payment skimmer malware pulls its sleight of hand trick with the help of a double payload structure where the source code of the skimmer script that steals customers' credit cards will be concealed in a social sharing icon loaded as an HTML 'svg' element with a 'path' element as a container. READ MORE...
IRS to Make ID Protection PIN Open to All
The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who've experienced tax refund fraud in previous years. READ MORE...
File-sharing and cloud storage sites: How safe are they?
There it is again-that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis-and those of us that want to attach files that could get picked up by anti-malware scanners along the way-have probably resorted to using file-sharing sites to help solve this issue. But is file-sharing secure? How do file-sharing sites work? READ MORE...
QNAP patches QTS vulnerabilities allowing NAS device takeover
Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. The eight vulnerabilities patched today by QNAP affect all QNAP NAS devices running vulnerable software. These command injection and cross-site scripting (XSS) security bugs the company rated as medium and high severity security issues. READ MORE...
German divers find Enigma crypto machine on seabed
Environmental group WWF operates a tragically necessary maritime cleanup operation to find and remove so-called "ghost nets" from the sea. A ghost net is any rogue fishing device (often a gill net, dragged behind fishing vessels to snare fish by the gills in large numbers) that has got loose and carries on snagging sea creatures, including fish, sea mammals such as whales and dolphins, and even birds, in an uncontrollable way. READ MORE...
- ...in 1941, a date which will live in infamy, Pearl Harbor is attacked in an air raid by the Imperial Forces of Japan, bringing the United States into World War II.
- ...in 1949, singer-songwriter and actor Tom Waits ("Rain Dogs", "Down By Law") is born in Pomona, CA.
- ...in 1965, actor Jeffrey Wright ("Westworld", "Casino Royale") is born in Washington, D.C.
- ...in 1972, Apollo 17 is launched, the final mission of the Apollo program. It is the most recent time that humans travelled beyond low Earth orbit.