
IT Security Newsletter


IT Security Newsletter - 6/21/2022

Top News

Icefall: 56 flaws impact thousands of exposed industrial devices

A security report has been published on a set of 56 vulnerabilities, collectively called Icefall, that affect operational technology (OT) equipment used in various critical infrastructure environments. The Icefall collection was discovered by security researchers at Forescout's Vedere Labs and impacts devices from ten vendors. The flaws allow remote code execution, credential compromise, firmware and configuration changes, authentication bypass, and logic manipulation. READ MORE...

Breaches

Flagstar Bank discloses data breach impacting 1.5 million customers

Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. Flagstar is a Michigan-based financial services provider and one of the largest banks in the United States, having total assets of over $30 billion. According to data breach notifications sent to exposed customers, Flagstar experienced a security incident in December 2021 when intruders breached the bank's corporate network. READ MORE...

Hacking

Capital One Attacker Exploited Misconfigured AWS Databases

The 36-year-old Seattle tech worker behind the infamous 2019 Capital One data breach has been convicted on seven charges related to the data theft - which are punishable by up to 20 years in jail. In the incident, Paige Thompson, who operated under the hacker handle "erratic," made off with more than 100 million credit applications that were held in a misconfigured Amazon Web Services storage bucket in the cloud. READ MORE...


Fake voicemail notifications are after Office365, Outlook credentials

A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees' Office365 and Outlook login credentials, Zscaler warns. The campaign seems to be a repeat of a previous, similar one, and targets security solution providers, software security developers, supply-chain organizations in manufacturing and shipping, healthcare and pharmaceutical firms, and the US military. READ MORE...

Information Security

You can be tracked online using your Chrome browser extensions

A researcher has found a way to generate a fingerprint of your device from your installed Google Chrome extensions, and then use that fingerprint to track you online. Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of information when you land on their portal - it's a lot more than "just" which web browser you use to load up someone's site. READ MORE...

Exploits/Vulnerabilities

Client-side Magecart attacks still around, but more covert

We have seen and heard less buzz about 'Magecart' during the past several months. While some marketing playbooks continue to rehash the same breaches of yesteryear, we have been wondering if some changes took place in the threat landscape. One thing we know is that if the Magecart threat actors decided to switch their operations exclusively server-side then the majority of companies, including ours, would lose visibility overnight. READ MORE...


Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

Researchers are warning that attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks. Those files, stored via "auto-save" and backed up in the cloud, typically leave end users with the impression that their data is shielded from a ransomware attack. However, researchers say that is not always the case and files stored on SharePoint and OneDrive can be vulnerable to a ransomware attack. READ MORE...

On This Date

  • ...in 1788, New Hampshire ratifies the U.S. Constitution and is admitted as the ninth state.
  • ...in 1903, artist Al Hirschfeld, famous for his caricatures of stage and screen actors, is born in St. Louis, MO.
  • ...in 1932, film and TV composer Lalo Schifrin ("Mission: Impossible", "Enter the Dragon") is born in Buenos Aires, Argentina.
  • ...in 2004, engineer Burt Rutan's SpaceShipOne becomes the first privately-funded manned vehicle to pass the boundary of space.