
IT Security Newsletter - 8/8/2022


Breaches

Twitter breach exposes anonymous accounts to nation state hackers

Twitter confirmed Friday that a bad actor used a vulnerability to match private information with potentially anonymous Twitter accounts, posing risks to users' privacy. The vulnerability allowed someone to match an email or phone number to any Twitter accounts tied to that information and the name of the accounts, Twitter wrote in a press blog. "We can confirm the impact was global," a Twitter spokesperson said in an email.

Hacking

North Korean hackers target crypto experts with fake Coinbase job offers

A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack.


Snapchat, Amex sites abused in Microsoft 365 phishing attacks

Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks. They're used in attacks to redirect targets to malicious sites that will either infect them with malware or trick them into handing over sensitive information.

Software Updates

F5 Fixes 21 Vulnerabilities With Quarterly Security Patches

Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products. The company has released separate advisories for a dozen high-severity vulnerabilities, as well as eight medium-severity and one low-severity flaws.

Information Security

Class Action Targets Experian Over Account Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim's personal information and a different email address.


Traffic Light Protocol for cybersecurity responders gets a revamp

The word "protocol" crops up all over the place in IT, usually describing the details of how to exchange data between requester and replier. But there is also an important protocol that helps humans in IT, including researchers, responders, sysadmins, managers and users, to be circumspect in how they handle information about cybersecurity threats. That protocol is known as TLP, short for the Traffic Light Protocol, devised as a really simple way of labelling cybersecurity information.

Exploits/Vulnerabilities

Slack resets passwords en masse after invite link vulnerability

Slack proactively reset the passwords of 0.5% of its users on Thursday after it was alerted to a vulnerability that transmitted hashed versions of user passwords to other workspace members. The enterprise messaging and collaboration platform said in a blog post it fixed the bug in the shared invite link functionality, which creates a link to permit others to join a Slack workspace.

On This Date

  • ...in 1945, President Harry S. Truman signs the United Nations Charter and the United States becomes the first nation to complete the ratification process.
  • ...in 1945, the Soviet Union officially declares war on Japan, pouring more than 1 million Soviet soldiers into Japanese-occupied Manchuria.
  • ...in 1974, in an evening televised address, President Richard M. Nixon announces his intention to resign in the wake of the Watergate scandal.
  • ...in 1988, the Chicago Cubs host Wrigley Field's first ever night game.