<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/16/2022

SHARE

Breaches

Twilio phishing attack fallout spreads to Signal

Signal, widely considered one of the most secure messaging platforms globally, was among the companies directly impacted by a phishing attack against Twilio earlier this month. Once attackers gained access to Twilio's customer support console, the phone numbers or verification codes used by about 1,900 users to verify Signal accounts via Twilio were revealed, according to an update published by Signal. READ MORE...

Hacking

Russian hackers target Ukraine with default Word template hijacker

Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country. Gamaredon (aka Armageddon or Shuckworm) is a group of Russian hackers believed to be part of the 18th Center of Information Security of the FSB, Russia's Federal Security Service. READ MORE...


Hackers attack UK water supplier but extort wrong victim

South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack. As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn't impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water. READ MORE...

Trends

Black Hat - Windows isn't the only mass casualty platform anymore

In years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars. Windows is no longer alone at the front of the pack, hackwise - it has company. It makes sense. If you can find a cloud exploit like one presented here on multi-tenant cloud platform database hacks, one user can slurp up data from another company with a few commands. That's not good. READ MORE...

Exploits/Vulnerabilities

Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade

Bootloaders present in a majority of computers made in the past 10 years are affected by Secure Boot bypass vulnerabilities, according to firmware security company Eclypsium. Secure Boot is a mechanism designed to protect a device's boot process from attacks, and bypassing it can allow an attacker to execute arbitrary code before the operating system loads. This can be useful for installing stealthy and persistent malware. READ MORE...


Oh Deere: Farm hardware jailbroken to run Doom

At DEF CON 30 on Saturday, an Australian who goes by the handle Sick Codes showed off a way to fully take control of some John Deere farming machine electronics to run first-person shooter Doom. With some rather-involved hardware hacking and the help of a New Zealand-based maker of Doom mods identified as Skelegant on Twitter, Sick Codes managed to get a corn-themed version of the 1993 classic computer game to run on a John Deere tractor display. READ MORE...

On This Date

  • ...in 1954, film director and screenwriter James Cameron ("Titanic", "Avatar", "The Terminator", "Aliens") is born in Ontario, Canada.
  • ...in 1954, the first issue of "Sports Illustrated" is published by "Time" magazine publisher Henry Luce.
  • ...in 1958, all-time best-selling female recording artist Madonna Louise Ciccone, AKA Madonna, is born in Bay City, MI.
  • ...in 1962, original Beatles drummer Pete Best is dismissed from the band. His replacement: Ringo Starr.