The U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) over the past weekend issued a directive for government departments and agencies, as well as the private sector, to apply the recently released Windows Server security update to all domain controllers.
ISBuzz Team
Luxottica, the world’s largest eyewear manufacturer, confirms that it has has suffered a ransomware attack (link at bottom) that forced the company to shut down operations. Italian media reported that operations at Luxottica plants in Agordo and Sedico were disrupted due to a significant computer system failure, and employees were sent home. Also affected were Luxottica portals and company-owned brands such as Ray-Ban, Sunglass Hut, LensCrafters, EyeMed, and Pearle Vision, which were all temporarily unavailable. A Gurucul expert offers perspective. A Gurucul expert offers perspective.
It was recently revealed that a back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The data leak, discovered by WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. According to WizCase, the Elastic server is believed to have been password protected until September 10, after which the authentication seems to have been inadvertently removed.
Security researchers at Check Point just-published research, identifying a Remote Control Execution (RCE) vulnerability in Instagram. The attacker would only need a single, malicious image to execute the attack. Check Point researchers summarised the attack method to three steps: In effect, the vulnerability gives the attacker full control over the Instagram app and turns it into a spy tool with the power to create actions on behalf of the user: reading all direct messages on the Instagram account, deleting, or posting photos at will, manipulating account profile details. Since the Instagram application is known to have extensive permissions that are gateways…
News broke overnight that rogue employees at Shopify stole data from more than 100 merchants, which potentially exposed consumer data for those that shopped on the e-commerce sites using the company’s software. Compromised data may include emails, names, addresses, and order details. The employees have since been terminated, and the FBI is assisting in an investigation. More information: https://www.businessinsider.com/rogue-shopify-employees-stolen-customer-data-200-shops-2020-9?r=US&IR=T
British Gas is warning that customers may be targeted by sophisticated phishing emails claiming they are entitled to a refund of over £400. The company has identified the email address ‘[email protected]’ as the sender of many of these scam emails and has warned customers that it is not a genuine email. It is also encouraging customers who are concerned about a suspect phishing email to send it as an attachment to [email protected] for further investigation.
Earlier this week, news broke of the House unanimously approving The Defending the Integrity of Voting Systems Act, which would make hacking federal voting systems a crime. The legislation is a bipartisan bill that was introduced last year – it’s now moving on to the POTUS’ desk for a signature.
It has been reported that on Monday, The House unanimously approved legislation that would make hacking federal voting systems a federal crime. The Defending the Integrity of Voting Systems Act, approved by the Senate last year, would make hacking federal voting infrastructure a crime under the Computer Fraud and Abuse Act, which is commonly used by the Justice Department to take action against malicious hackers.
CISA today warned of a substantial increase in the use of LokiBot “info stealer” malware by bad actors since July 2020, as detected by CISA’s EINSTEIN Intrusion Detection System. LokiBot uses credential- and information-stealing malware that’s typically sent as a malicious attachment, and can also create a backdoor into infected systems to let attackers install additional payloads. It’s known as an easily deployable, effective threat and is often used in campaigns targeting Windows and Android operating systems to push malware via email, malicious websites, text and messaging. An expert with Gurucul offers perspective.
It has been reported that ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association), and many other US leagues have announced it fended off a ransomware attack. In a data breach notification letter filed with multiple states across the US, the company said that despite detecting and blocking the hackers from encrypting its files, the intruders managed to steal a copy of its backups. This backup contained data from ArbiterGame, ArbiterOne, and ArbiterWorks — three of the web applications used by schools and sports leagues to assign and manage the schedules and training programs of referees and game…