<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 5/9/2022

Top News

Ikea Canada Breach Exposes 95K Customer Records

Ikea Canada has confirmed that an employee compromised a database of 95,000 Canadian customers. The employee performed unsanctioned searches of the database between March 1 and 3, Kristin Newbigging, public relations leader at Ikea Canada, explains to Dark Reading. She adds that no banking information was exposed during the unauthorized system access. READ MORE...


Colonial Pipeline faces nearly $1m fine one year after ransomware attack

Colonial Pipeline is facing an almost $1 million fine for control room management failures after the US Department of Transportation alleged they contributed to the nation's fuel disruption in the wake of the 2021 ransomware attack. On Thursday, the department's Pipeline and Hazardous Materials Safety Administration issued a Notice of Probable Violation and Proposed Compliance Order to the fuel-pipeline operator, which suggests multiple violations of federal safety regulations. READ MORE...

Hacking

Cryptocurrency laundromat Blender shredded by US Treasury in sanctions first

The US Treasury has sanctioned cryptocurrency mixer Blender for its role in helping North Korea's Lazarus Group launder stolen digital assets. As a result, among other limitations, anyone in the United States or a US person can no longer do any business with Blender without special permission from the government. This marks the Feds' first-ever sanctions against a crypto mixer, which cybercriminals can use to cover their tracks. READ MORE...

Software Updates

Check your gems: RubyGems fixes unauthorized package takeover bug

The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their tainted or malicious versions with the same file names and version numbers. Assigned CVE-2022-29176, the critical flaw existed on RubyGems[.]org, which is the Ruby-equivalent of npmjs[.]com, and hosts over 170,000 Ruby packages (gems) with almost 100 billion downloads served over its lifetime. READ MORE...

Malware

Caramel credit card stealing service is growing in popularity

A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud. Credit card skimmers are malicious scripts that are injected into hacked e-commerce websites that quietly wait for customers to make a purchase on the site. Once a purchase is made, these malicious scripts steal the credit card details and send them back to remote servers to be collected by threat actors. READ MORE...

Information Security

Your Phone May Soon Replace Many of Your Passwords

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites. READ MORE...

On This Date

  • ...in 1945, top-ranking Nazi official Herrman Goering is captured by the U.S. Seventh Army.
  • ...in 1949, singer-songwriter and pianist Billy Joel is born in the Bronx, NYC.
  • ...in 1958, Alfred Hitchcock's "Vertigo" has its world premiere in San Francisco.
  • ...in 1974, the US House Judiciary Committee opens formal impeachment hearings against President Richard M. Nixon in the wake of the Watergate scandal.