<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 9/30/2019


Prolific hacker steals 218 million personal records in Zynga breach

The personal information of 218 million Zynga users has been stolen in a data breach orchestrated by prolific Pakistani hacker Gnosticplayers. The company famous for making popular web and mobile games FarmVille, Words with Friends, Draw Something and OMGPOP announced the breach last week but the extent of the stolen data has only recently been revealed.

Dunkin’ Donuts Gets Hit with Lawsuit Over 2015 Attack

Dunkin’ Donuts is being sued for violating New York state data breach notification laws. The lawsuit alleges that Dunkin’ parent company, Dunkin’ Brands, failed to disclose a breach in 2015 that affected nearly 20,000 customers who were part of the company’s DD Perks loyalty program. New York Attorney General Letitia James filed the lawsuit Thursday accusing the donut maker of engaging in “past and ongoing fraudulent, deceptive, and unlawful practices.”


Bulletproof Hosting Service in Former NATO Bunker Goes Down

Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground. The bunker was acquired in 2013 and managed by a Dutch national believed to have ties with organized crime in the Netherlands, who turned it into a heavily secured data center for illegal purposes. A bulletproof hosting provider rents hosting services with no restrictions to the nature of the content uploaded or distributed, or the type of business conducted.


German manufacturer says malware has caused ‘significant disruption’ to plants in three countries

A malware infection at German car parts manufacturer Rheinmetall Automotive has caused “significant disruption” to production at company plants in Brazil, Mexico, and the United States, the company disclosed Thursday. Rheinmetall Group, the manufacturer’s parent company, said it expects to lose 3 to 4 million euros, or $3.28 to $4.38 million, per week due to the incident, starting next week.

New 'Gucci' IoT Botnet Targets Europe

Security researchers with SecNiche Security Labs have discovered a new piece of malware that attempts to ensnare Internet of Things (IoT) devices in Europe into a distributed denial-of-service (DDoS)-capable botnet. Called Gucci, the same as the Italian luxury brand of fashion and leather goods, the botnet appears to be new and previously undocumented, security researchers Aditya K Sood and Rohit Bansal told SecurityWeek in an email exchange.


Unpatchable bug in millions of iOS devices exploited, developer claims

Today, an iOS security researcher who earlier developed software to "jailbreak" older Apple iOS devices posted a new software tool that he claims uses a "permanent unpatchable bootrom exploit" that could bypass boot security for millions of Apple devices, from the iPhone 4S to the iPhone X. The developer, who goes by axi0mX on Twitter and GitHub, posted via Twitter, "This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community."

Cloud Vulnerability Could Let One Server Compromise Thousands

A newly disclosed critical vulnerability in the OnApp cloud orchestration platform could let an attacker compromise an entire private cloud with access to a single server, researchers report. The finding comes from researchers at security firm Skylight Cyber who say the flaw has the potential to affect hundreds of thousands of production servers and organizations around the world.