
IT Security Newsletter - 12/5/2019


Breaches

Nebraska Medicine Breached By Rogue Employee

Hospital network Nebraska Medicine has disclosed a data breach after a former employee accessed sensitive patient data – including medical records and Social Security numbers. The Nebraska Medicine network encompasses Nebraska’s largest hospital, Nebraska Medical Center, as well as other locations like Bellevue Medical Center.


Salesforce’s Heroku Used to Host Magecart Skimmers, Stolen Cards

Magecart threat actors were spotted this week as they began abusing Salesforce's Heroku cloud application platform to host their card skimming scripts and to store stolen payment card info. Heroku is a cloud platform-as-a-service (PaaS) designed to help companies and individual developers quickly build and host web apps without having to manage the infrastructure behind them.

Hacking

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDNet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.


‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup

Hackers pulled off an elaborate man-in-the-middle campaign to rip off an Israeli startup by intercepting a wire transfer from a Chinese venture-capital firm intended for the new business. New research by Check Point Software details how the security vendor uncovered the wire-transfer heist, in which an attacker used unique tactics, including communicating through email and even canceling a critical in-person meeting, to fool both parties on either end of the transfer, researchers said.

Malware

Snake bites: Beware malicious Python libraries

Earlier this week, two Python libraries containing malicious code were removed from the Python Package Index (PyPI), Python’s official repository for third-party packages. It’s the latest incarnation of a problem faced by many modern software development communities, raising an important question for all developers who rely on open source software: How can you make it possible for people to contribute their own code to a common repository for re-use, without those repos becoming vectors for attacks?

Exploits

Cut-and-paste goof reveals HackerOne session cookie, and earns bug hunter $20,000

HackerOne helps some of the world’s most famous companies and organisations run bug bounty programs – Starbucks, Goldman Sachs, Uber, Instagram, Twitter, Slack, the United States Department of Defense… the list goes on and on. Researchers find a security vulnerability in a product, service or website and HackerOne helps co-ordinate the report to the company concerned. So there’s some irony in reading that HackerOne’s own security has been found lacking.


Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software. The SwiftOnSecurity Twitter account revealed that Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service, to enable the Atlassian Companion app to edit files in a preferred local application and save the files back to Confluence.