IT Security Newsletter - 8/1/2024
CISA and FBI: DDoS attacks won't impact US election integrity
CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the integrity or security of the 2024 U.S. general election processes. While threat actors have falsely claimed in the past that DDoS attacks compromised voting systems, the FBI and CISA are yet to find any evidence of such attacks disrupting election results.
World leading silver producer Fresnillo discloses cyberattack
Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack. The mining giant revealed in a Tuesday filing that it was "the subject of a cyber security incident which has resulted in unauthorised access to certain IT systems and data." Upon discovering the attack, Fresnillo initiated response measures to contain the breach.
Germany names China as source of attack on government geospatial agency
Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy (BKG) - the official mapping agency. The nation's Ministry of the Interior and Home Affairs on Wednesday published an assertion that China infiltrated the Office's systems to conduct espionage, after first compromising devices belonging to private individuals and businesses to conduct the raid.
Smart Cars Share Driver Data, Prompting Calls for Federal Scrutiny
Two US senators have called on the US Federal Trade Commission (FTC) to hold automakers accountable for sharing driver data without consent, highlighting the growing data privacy challenges - and deceptive verbiage from terms of service - associated with modern smart cars. In a letter to the FTC (PDF) last week, Sens. Ron Wyden (D-Ore.) and Edward Markey (D-Mass.) used the data-sharing practices of General Motors, Honda, and Hyundai as symptomatic of an industrywide problem.
Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!
Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device. Included in the patches for Apple Watch, iOS, and iPadOS are four vulnerabilities in Siri. While your device is locked there are several voice-commands your digital assistant can process. Apple has restricted these options to stop an attacker with physical access from being able to access contacts.
Ransomware infection cuts off blood supply to 250+ hospitals
A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has "significantly reduced" the org's ability to take, test, and distribute blood. In a notice today, OneBlood revealed the intrusion disrupted a "software system," and had forced the organization to use manual processes and procedures to remain operational. The outfit provides blood for healthcare facilities across Florida, Georgia, North Carolina, and South Carolina.
Microsoft seizes domain used by Vietnamese group to sell fake accounts, services
Microsoft on Wednesday seized another domain used by a trio of people based in Vietnam who were selling fraudulent accounts and services to bypass CAPTCHA puzzles, according to court documents unsealed late Wednesday. The seizure of a single domain - rockcaptcha[.]com - comes six months after a federal court authorized Microsoft to seize domains and infrastructure operated by the same group that was responsible for creating roughly 750 million fraudulent Microsoft accounts.
Meta to pay $1.4 billion over unauthorized facial recognition image capture
Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to "stop the company's practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law." The prime reason for the initial lawsuit that led to the settlement was Facebook's "Tag Suggestions" feature that used facial recognition.
Homebrew Security Audit Finds 25 Vulnerabilities
Multiple vulnerabilities in Homebrew could have allowed attackers to load executable code and modify binary builds, potentially controlling CI/CD workflow execution and exfiltrating secrets, a Trail of Bits security audit has discovered. Sponsored by the Open Tech Fund, the audit was performed in August 2023 and uncovered a total of 25 security defects in the popular package manager for macOS and Linux.
- ...in 1819, author Herman Melville ("Moby-Dick", "Bartleby, The Scrivener") is born in New York City.
- ...in 1834, slavery is abolished in the British Empire, as the prior year's Slavery Abolition Act comes into force.
- ...in 1941, the first US Army Jeep is produced.
- ...in 1981, MTV begins broadcasting in the United States. The first music video they play is "Video Killed the Radio Star", by The Buggles.