IT Security Newsletter - 9/2/2021
Fired NY credit union employee nukes 21GB of data in revenge
Juliana Barile, the former employee of a New York credit union, pleaded guilty to accessing the financial institution's computer systems without authorization and destroying over 21 gigabytes of data in revenge after being fired. "In an act of revenge for being terminated, Barile surreptitiously accessed the computer system of her former employer, a New York Credit Union, and deleted mortgage loan applications and other sensitive information maintained on its file server," Acting U.S. Attorney Jacquelyn M. Kasulis said.
Hackers use WebSVN to deploy new Mirai malware
Hackers are exploiting a vulnerability affecting WebSVN, an open source web application for browsing source code, to deploy variants of the Mirai DDoS malware. According to security researchers at Palo Alto Networks' Unit 42, while the critical command injection vulnerability was discovered and patched in May this year, they've observed hackers exploiting unpatched versions of the application.
15-Year-Old Malware Proxy Network VIP72 Goes Dark
Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two weeks ago, VIP72's online storefront - which ironically enough has remained at the same U.S.-based Internet address for more than a decade - simply vanished.
Don't use single-factor authentication, warns CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has added the use of single-factor authentication to its brief list of bad practices that it considers to be exceptionally risky when it comes to cybersecurity. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor, such as a password, to a username to gain access to a system.
How the Bumble dating app revealed any user's exact location
Hundreds of millions of people around the world use dating apps in their attempt to find that special someone, but they would be shocked to hear just how easy one security researcher found it to pinpoint a user's precise location with Bumble. Robert Heaton, whose day job is to be a software engineer at payments processing firm Stripe, discovered a serious vulnerability in the popular Bumble dating app that could allow users to determine another's whereabouts with petrifying accuracy.
BrakTooth: New Bluetooth Vulnerabilities Could Affect Millions of Devices
A group of researchers with the Singapore University of Technology and Design have disclosed a family of 16 new vulnerabilities that affect commercial Bluetooth Classic (BT) stacks. The researchers identified the security holes after evaluating 13 Bluetooth devices from 11 vendors. A total of 20 CVEs have already been assigned, with four additional vulnerabilities pending CVE assignment from Intel and Qualcomm.
NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption
America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography. In the document, titled Quantum Computing and Post-Quantum Cryptography, the NSA said it "has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions for the near future of quantum computing and their impact on encryption.
UK Researchers Invent Device to Thwart USB Malware
A team of researchers at a UK university have designed a new device, which they claim will mitigate the risk of malicious USB drives. The "external scanning device" was designed at Liverpool Hope University and will soon go into production, having been granted a patent by the Indian government. It has been engineered to overcome a major issue with operating systems - that if not configured correctly, they will trust all USBs regardless of what might be installed on them.
- ...in 1752, Great Britain adopts the Gregorian calendar.
- ...in 1929, film director Hal Ashby ("Harold and Maude", "Being There") is born in Ogden, UT.
- ...in 1945, Japan formally surrenders to the Allied powers, with Foreign Minister Mamoru Shigemitsu signing the agreement aboard the battleship USS Missouri in Tokyo Bay.
- ...in 1963, the CBS Evening News becomes US network television's first half-hour weeknight news broadcast.