IT Security Newsletter - 9/11/19
Equifax named the most Googled data breach of all time
The infamous 2017 Equifax data breach that affected 148 million individuals, including more than 600,000 UK citizens, is the most searched for data breach of all time, according to cybersecurity firm Redscan. The company scoured Google's annual Year in Search report to find out which data protection incidents had attracted the most attention from people using the search engine over the past year.
Hundreds Arrested in Joint US-Nigeria Crackdown on Cyber Scams
Nigerian and US authorities said Tuesday that nearly 300 people had been arrested in a months-long global crackdown on online scams to hijack wire transfers from companies and individuals. "Operation reWired" broke up multiple groups, many part of transnational criminal gangs, running the so-called business email compromise (BEC) schemes by which they steal money being used in payments.
Vulnerabilities Exposed 2 Million Verizon Customer Contracts
UK-based researcher Daley Bee was analyzing Verizon Wireless systems when he came across a subdomain that appeared to be used by the company’s employees to access internal point-of-sale tools and view customer information. Further analysis led to the discovery of a URL pointing to PDF format contracts for Verizon Wireless customers who used the company’s monthly installment program to pay for their devices.
New NetCAT CPU side-channel vulnerability exploitable over the network
Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: The attacker doesn’t need to have local access on the targeted machine because the attack works over the network. The culprit is Intel’s Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor’s internal cache to achieve better performance, less power consumption, and higher data throughput. A weakness named NetCAT (Network Cache ATtack) affects all Intel server-grade processors since 2012 and allows sniffing sensitive details by mounting a side-channel attack over the network.
U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign
Researchers first discovered the campaign on Aug. 21 after an unnamed U.S. semiconductor distributor received a spam email sent to the sales department from a potentially compromised “trusted” sender.