<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 7/21/2020

Top News

7 VPN services leaked data of over 20 million users, says report

Seven Virtual Private Network (VPN) providers who claim not to keep any logs of their users' online activities recently left 1.2 terabytes of private user data exposed to anyone who comes looking. The data, found on a server shared by the services, included the Personally Identifiable Information (PII) of potentially as many as 20 million VPN users, said researchers at vpnMentor, who uncovered the leak. READ MORE...

Hacking

Accused Cypriot scammer threatened to publish stolen data if victims didn't pay huge extortion fees

The government of Cyprus has extradited a 21-year-old accused cybercriminal to the United States after he was accused of breaching a number of U.S. companies as part of a years-long extortion effort. Joshua Epifaniou, a Cypriot national, arrived in New York City on Friday, more than two years after he was initially arrested in connection with a corporate hacking spree. Epifaniou is charged with stealing personal information from at least four sites, then demanding a payment in exchange for not publishing that data. READ MORE...


Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel's water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry. Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. READ MORE...

Malware

Lorien Health Services discloses ransomware attack affecting nearly 50,000

Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. Responsible for the attack are Netwalker ransomware operators, who leaked the information after Lorien refused to pay the ransom demand. A family-owned nursing home for the elders, Lorien Health Services runs nine locations in Baltimore, Carroll, Harford, and Howard counties, as well as a rehabilitation and fitness facility. READ MORE...

Exploits/Vulnerabilities

Details and PoC for critical SharePoint RCE flaw released

Last week, a "wormable" remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix. Implementing the offered security updates has since become even more urgent, as more exploitation details and a PoC have been released on Monday. READ MORE...

On This Date

  • ...in 1904 Louis Rigolly, driving a 15-liter Gobron-Brillie on the Ostend-Newport road in Belgium, became the first man to break the 100mph barrier in a car.
  • ...in 1970, after 11 years of construction, the Aswan High Dam across the Nile River in Egypt is completed.
  • ...in 1987 Enzo Ferrari, in a ceremony commemorating his company's 40th year, unveiled the Ferrari F40 at the factory in Maranello, Italy.
  • ...in 2011, the Space Shuttle Atlantis (STS-135) lands at Kennedy Space Center, completing the final mission of NASA's Space Shuttle program.