
IT Security Newsletter


IT Security Newsletter - 7/31/2020

Top News

EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks

The European Union has sanctioned six people and three organizations in Russia, China and North Korea in connection with three major cyberattacks dating back to 2017. EU officials announced Thursday they would enact restrictive measures against the people they deemed responsible for the WannaCry ransomware outbreak in 2017, the NotPetya campaign and Operation Cloud Hopper, a Chinese cyber-espionage effort.


Twitter hackers used "phone spear phishing" in mass account takeover

The hackers behind this month's epic Twitter breach targeted a small number of employees through a "phone spear phishing attack," the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools. "This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter officials wrote in a post.

Breaches

Drizly Breach Hits 2.5 Million Customer Accounts

Alcohol delivery startup Drizly has suffered a major breach of customer data, with nearly 2.5 million accounts compromised in an incident discovered earlier this month. The firm - which describes itself as the world's largest marketplace for beers, wines and spirits - partners with retail stores in over 100 North American cities. It has been emailing customers to warn them of a recent incident in which personally identifiable information (PII) but no financial data was compromised.


Crypto Firm Ledger's Breach Hits One Million Customers

Crypto-wallet firm Ledger has revealed a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands. Aside from the email addresses, which could be used in follow-on phishing attacks spoofing the brand, the hacker made off with the personally identifiable information (PII) of 9500 customers, including first and last name, postal address, phone number and ordered products.

Hacking

Hackers broke into real news sites to plant fake stories

Over the past few years, online disinformation has taken evolutionary leaps forward, with the Internet Research Agency pumping out artificial outrage on social media and hackers leaking documents, both real and fabricated, to suit their narrative. More recently, Eastern Europe has faced a broad campaign that takes fake news ops to yet another level: hacking legitimate news sites to plant fake stories, then hurriedly amplifying them on social media before they're taken down.

Software Updates

Cisco urges patching flaws in data-center, SD-WAN gear

Cisco has issued a number of critical security advisories for its data center manager and SD-WAN offerings that customers should deal with now. On the data center side, the most critical - with a threat score of 9.8 out of 10 - involves a vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) that could let an unauthenticated, remote attacker bypass authentication and execute arbitrary actions with administrative privileges on an affected device.

Malware

Linux warning: TrickBot malware is now infecting your systems

TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. TrickBot is a multi-purpose Windows malware platform that uses different modules to perform various malicious activities, including information stealing, password stealing, Windows domain infiltration, and malware delivery.

Information Security

Krebs on Security: Is Your Chip Card Secure? Much Depends on Where You Bank

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggests thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Exploits/Vulnerabilities

Doki Backdoor Infiltrates Docker Servers in the Cloud

A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: using a blockchain wallet for generating command-and-control (C2) domain names. Doki, however, is meant to provide a persistent capability for code-execution on an infected host, setting the scene for any number of malware-based attacks, from denial-of-service/sabotage to information exfiltration to ransomware, according to Intezer.

Encryption

IBM completes successful field trials on Fully Homomorphic Encryption

Yesterday, Ars spoke with IBM Senior Research Scientist Flavio Bergamaschi about the company's recent successful field trials of Fully Homomorphic Encryption. We suspect many of you will have the same questions that we did, beginning with "what is Fully Homomorphic Encryption?" FHE is a type of encryption that allows direct mathematical operations on the encrypted data. Upon decryption, the results will be correct. For example, you might encrypt 2, 3, and 7 and send the three encrypted values to a third party.

On This Date

  • ...in 1790, the first U.S. patent is issued to inventor Samuel Hopkins for a unique potash production process.
  • ...in 1932, 6'9" actor Ted Cassidy, best known as Lurch from "The Addams Family", is born in Pittsburgh, PA.
  • ...in 1964, Ranger 7, an unmanned U.S. lunar probe, takes the first close-up images of the moon before impacting with the lunar surface.
  • ...in 1990, Nolan Ryan wins the 300th game of his career, throwing 7 2/3 innings with 8 strikeouts to lead his Texas Rangers to an 11-3 victory over the Milwaukee Brewers.