<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 9/27/2019

SHARE

Breaches_ITSEC-1

DoorDash hack spills loads of data for 4.9 million people

A hack on food-delivery service DoorDash leaked the personal data of 4.9 million customers, delivery workers, and merchants, the company revealed on Thursday. The breach took place on May 4, but DoorDash officials didn't learn of it until earlier this month when they noticed unusual activity involving an unnamed third-party service provider.


Hearing aid manufacturer hit by cyber attack slashes profits by $95 million

Demant, the manufacturer of Oticon hearing aids, has said that it expects losses of up to 650 million kroner (approximately $95 million) following a cyber attack earlier this month. The company’s servers suffered what it described as a “critical incident” on September 3, disrupting the production and distribution of its products.

Hacking_ITSEC

Research outs poorly constructed disinfo campaign aimed at Hong Kong protests

Hackers that appear to be acting in the interest of China’s government have been hijacking and using fake accounts on Facebook, Twitter, and YouTube to push narratives denigrating the Hong Kong protests, according to research from Graphika. Named “Spamouflage Dragon,” the people behind the campaign attempted to avoid detection algorithms by posting a small amount of political content interspersed with higher volumes of spam

Malware_ITSEC

Thousands of PCs Affected by Nodersok/Divergent Malware

New malware identified by Microsoft and Cisco Talos has affected thousands of PCs in the United States and Europe and turns systems into proxies for performing malicious activity, the companies said. The fileless threat—called Nodersok by Microsoft and Divergent by Cisco Talos—has many of its own components but also takes advantage of existing tools to do its dirty work.

Info_Security_ITSEC

Vimeo Slapped With Lawsuit Over Biometrics Privacy Policy

Vimeo, the popular ad-free video platform, is facing a lawsuit that alleges it stored people’s facial biometrics without their consent or knowledge. The lawsuit, which was filed on Sept. 20, claims Vimeo violated the Illinois Biometrics Information Privacy Act (BIPA). This is a law that imposes requirements on businesses that collect or otherwise obtain biometric information, including fingerprints, retina scans and facial recognition scans.


Match knowingly puts people at risk from scammers, FTC charges

Did you know that between 2013 and at least mid-2018, between 25% and 30% of profiles on dating site Match.com were reportedly fake? As in, those “people” weren’t looking for love – they were looking to shake down legitimate subscribers? Well, Match.com – the biggest online dating site in the US – most certainly knew, the Federal Trade Commission (FTC) alleges in a lawsuit it filed on Wednesday.

Exploits_ITSEC

Researchers Disclose Another SIM Card Attack Possibly Impacting Millions

A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned. Earlier this month, cyber telecoms security firm AdaptiveMobile Security disclosed the details of Simjacker, an attack method that involves sending specially crafted SMS messages to the targeted mobile phone.


DEF CON Voting Village report explores vulnerabilities in ballot-marking devices, calls for paper-based audits

After finding security weaknesses in two ballot-marking devices at this year’s DEF CON Voting Village, researchers are calling for “more comprehensive studies” of equipment that is increasingly a part of the voter experience. The findings come as states consider the security advantages of election systems that create a paper trail. Ballot-marking devices, or BMDs for short, allow voters to mark their choices on a screen and then print them out.

Software_ITSEC

Cisco Patches 13 High-Severity Router and Switch Bugs

Cisco Systems released patches for 29 bugs Wednesday that addressed flaws in a wide range of its products including routers and switches running the IOS XE networking software. Thirteen of the vulnerabilities revealed are rated high severity. The bulk of the high-severity vulnerabilities are tied to conditions that could lead to denial-of-service attacks, while others are command injection bugs and one digital signature verification bypass flaw.