IT Security Newsletter - 8/26/2019
Hostinger Data Breach Affects Almost 14 Million Customers
Hosting provider Hostinger today announced that it reset the login passwords of 14 million of its customers following a recent security breach that enabled unauthorized access to a client database. The incident occurred on August 23 and a third party was able to access usernames, hashed passwords, emails, first names, and IP addresses.
NASA Astronaut Accused of Identity Theft in First Criminal Allegation from Space
The situation is out of this world. Anne McClain, a NASA astronaut and lieutenant colonel in the Army, is facing accusations that she committed identity theft through the "improper access" of her estranged wife's "private financial records," The New York Times reported. Former Air Force intelligence officer Summer Worden didn't understand how her estranged wife, McClain, still knew details of her spending.
IRS Warns Taxpayers of New Scam Campaign Distributing Malware
The Internal Revenue Service (IRS) today issued a warning to alert taxpayers and tax professionals to an active IRS impersonation scam campaign that sends spam emails to deliver malicious payloads. The warning was issued after the IRS received several reports from taxpayers this week about unsolicited messages from scammers impersonating the U.S. revenue service with the help of spoofed email addresses.
Airlines That Manage Booking Systems Themselves Expose Customer Data
Some of the airlines that manage booking systems themselves have failed to implement important protection mechanisms, exposing their customers’ personal information, a researcher has warned. Many airlines allow customers to view and make changes to flight details using a unique identifier called the booking reference, or passenger name reference (PNR), and their last name.
WordPress Plugins Exploited in Ongoing Attack, Researchers Warn
Researchers are warning of an ongoing campaign exploiting vulnerabilities in a slew of WordPress plugins. The campaign is redirecting traffic from victims’ websites to a number of potentially harmful locations. It affects a plugin called Simple 301 Redirects – Addon – Bulk Uploader, as well as several plugins made by developer NicDark (now rebranded as “Endreww”).
Lenovo High-Severity Bug Found in Pre-Installed Software
Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code on a targeted system, giving an adversary Administrator or SYSTEM-level privileges.