IT Security Newsletter

IT Security Newsletter - 11/09/2020

Breaches

Luxottica data breach exposes LensCrafters, EyeMed patient info

A Luxottica data breach has exposed the personal and protected health information for patients of LensCrafters, Target Optical, EyeMed, and other eye care practices. Luxottica is the world's largest eyewear company with a portfolio of well-known eyeglass brands, including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach. In addition to selling eyeglasses, Luxottica also operates the EyeMed vision benefits company and partners with eye care professionals.

Hacking

Routers, NAS Devices, TVs Hacked at Pwn2Own Tokyo 2020

Bug bounty hunters have hacked routers, network-attached storage (NAS) devices and smart TVs at the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro's ZDI from Toronto, Canada, with participants demonstrating their exploits remotely. Organizers have offered significant prizes for exploits targeting a wide range of mobile and IoT devices.

Software Updates

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS (and iPadOS) that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google's Project Zero team, and patches were issued yesterday. What has Apple patched in the update? Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) list.

Malware

New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities

Security researchers have discovered a new worm and botnet dubbed Gitpaste-12, named for its use of GitHub and Pastebin to host component code and for the 12 known vulnerabilities it exploits to compromise systems. The Juniper Threat Labs research team detected the first Gitpaste-12 attacks on Oct. 15, 2020; however, the team notes the first commit was seen on GitHub on July 9, meaning the malware had lived on GitHub since then.

Information Security

HMRC smishing tax scam targets UK banking customers

An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents this week via text messages (SMS). The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters. Not only do the phishing pages mimic HMRC's web interface meticulously, but they also have entire online banking workflows built into them, depending on who your banking provider is.

Exploits/Vulnerabilities

Recent WebLogic Vulnerability Likely Exploited by Ransomware Operators

At least one ransomware operator appears to have added to their arsenal an exploit for a recently patched vulnerability in Oracle WebLogic. Tracked as CVE-2020-14882 and considered critical severity, the vulnerability was addressed in Oracle's October 2020 Critical Patch Update. It can be exploited remotely and without authentication. The first attacks targeting the vulnerability appeared within the first week after patches were released.

Encryption

New Pay2Key ransomware encrypts networks within one hour

A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation. Michael Gillespie, the creator of ID Ransomware, has also seen submissions from Pay2Key victims predominantly from Brazilian IP addresses. Although used in attacks against multiple Brazilian entities, this ransomware is not related to yesterday's RansomExx attacks targeting Brazil's government networks.

On This Date

  • ...in 1914, actress and inventor Hedy Lamarr is born. Not only was she a Hollywood leading lady, but she also devised the radio technology now used in Wi-Fi, GPS, and cell phones.
  • ...in 1934, astronomer, cosmologist, and author Carl Sagan is born. His 1980 television series "Cosmos" is among the most popular PBS documentaries of all time.
  • ...in 1967, the first issue of "Rolling Stone" magazine is published.
  • ...in 1985, 22-year-old Garry Kasparov defeats Anatoly Karpov to become the youngest World Chess Champion.
  • ...in 1989, Communist East Germany opens checkpoints in the Berlin Wall to West Germany, leading to German reunification and the fall of communism in Eastern Europe.