IT Security Newsletter - 2/20/2020

Top News

MGM Resorts hacked: 10.6 million guests have their personal data exposed on hacking forum

Over 10 million people who have stayed at MGM Resorts hotels - including Twitter boss Jack Dorsey and pop idol Justin Bieber - have had their personal details posted online by hackers. The security breach, publicised by ZDNet and security researcher Under the Breach, saw the records of 10,683,188 former guests - including names, postal addresses, phone numbers, dates of birth, and email addresses - made available in an online data dump.

Breaches

Krebs on Security: Hackers Were Inside Citrix for Five Months

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Hacking

Credit Card Skimmer Found on Nine Sites, Researchers Ignored

Security researchers discovered a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers. Some of them were infected a second time and the script persisted, despite efforts from the researchers to contact the website owners. According to extensive analysis from RiskIQ, the script is attributed to MageCart Group 12, a threat actor that is changing tactics as its tricks are being published in security reports.

Software Updates

Critical Adobe Flaws Fixed in Out-of-Band Update

Adobe has issued unscheduled patches for two critical vulnerabilities that, if exploited, enable an attacker to execute remote code on targeted devices. The two apps affected by the critical flaws are Adobe After Effects, a visual effects and motion graphics app used for post-production film making and video game production, and Adobe Media Encoder, an application to help with media processing requirements for audio and video.

Malware

Recent ransomware attacks define the malware's new age

Ransomware, a type of malware that holds data for ransom, has been around for years. In 1991, a biologist spread PC Cyborg, the first ransomware, by sending floppy disks via surface mail to other AIDS researchers, for instance. In the mid '00s Archiveus was the first ransomware to use encryption, though it's long ago been defeated and you can find its password on its Wikipedia page.

Exploits/Vulnerabilities

Tesla Pays $10K for Microsoft SQL Server Reporting Services Bug

Tesla paid a $10,000 bounty for a vulnerability in Microsoft SQL Server Reporting Services (SSRS) that had received a patch five days before getting the bug report. The issue was tagged as a server-side injection that led to remote code execution. German bug hunter parzel found it in a Tesla server for partners, which qualified for a reward. Tracked as CVE-2020-0618, the vulnerability received a patch on February 11, just four days before parzel submitted his report via Bugcrowd.


Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts

A stealthy hacking technique that could make it possible for attackers to access different components inside PCs made by the likes of Dell, HP and Lenovo still exists, five years after researchers first warned of it. Security researchers from Eclypsium, in findings published Tuesday, demonstrated how much of the firmware inside modern computers, such as webcams, USB hubs, trackpads and other internal hardware could be updated with "unsigned" code that's not designed by the device vendor.


Researchers Fool Smart Car Camera with a 2-Inch Piece of Electrical Tape

Operators of some older Tesla vehicles might be surprised to learn that a single piece of two-inch black electrical tape is all it takes to trick the camera sensor in their cars into misinterpreting a 35-mph speed sign as an 85-mph sign. Researchers at McAfee who discovered the issue said they were able to get a Tesla, equipped with version EyeQ3 of the Mobileye camera platform, to autonomously accelerate 50 miles above the speed limit.