Watchtower’s Weekly InfoSec Round-up: July 23 to July 29

In the Watchtower Weekly InfoSec Roundup, we summarize the latest information security news, breaches, vulnerabilities & advancements.

Nightfall AI
Jul 30, 2019 (5 min read)


In this week’s edition:

  • Capital One breach affecting more than 100 million customers.
  • Critical flaws found in VxWorks, the RTOS that powers over 2 billion devices.
  • APT34 spreads malware via LinkedIn invites.

Read these stories and other timely infosec news below.

Cyber Attacks & Breaches

Massive data breach hits Capital One, affecting more than 100 million customers
(USA Today) July 29th
Capital One said Monday that personal information of more than 100 million individuals, including Social Security numbers and bank accounts, was compromised in a massive data theft that led to the arrest of a Seattle woman.

Lancaster University students’ data stolen in cyber-attack
(The Guardian) July 23rd
Records and ID documents of some Lancaster University students were accessed in the phishing attack and fraudulent invoices were sent to undergraduate applicants, a spokesman for the university said.
UPDATE: Man arrested over cyber attack on Lancaster University

Incident Of The Week: 4 Million Bulgarian Citizens Affected By Tax Agency Data Breach
(Cyber Security Hub) July 26th
More than 4 million of Bulgaria’s 7 million citizens were affected by a security breach in June 2019, which compromised personally-identifiable information and financial records lifted from the country’s tax agency.

Michigan HIPAA business associate alerts 15,000 patients of data breach
(Beckers Hospital Review) July 23rd
Northwood, a Michigan HIPAA business associate, has notified more than 15,000 patients that a hacker had gained access to an employee’s email account and potentially viewed their protected health information.

Customers of Zions Bank notified of data breach
(The Salt Lake Tribune) July 26th
Zions Bank sent letters to some of its customers this week notifying them of an online data breach. User names, email addresses, account numbers — as well as Social Security or tax numbers if used as identification — were included in the accessed information.

Johannesburg Ransomware Attack Leaves Residents in the Dark
(Dark Reading) July 25th
Johannesburg’s City Power, the municipal entity delivering power to the South African financial hub, was hit with a ransomware attack that encrypted its network, databases, and applications.

BASF, Siemens, Henkel, Roche target of cyber attacks
(Reuters) July 24th
German blue-chip companies BASF, Siemens, Henkel along with a host of others said they had been victims of cyber attacks, confirming a German media report which said the likely culprit was a state-backed Chinese group.

Hackers gain access to 3,700 patient records at Texas hospital
(Beckers Hospital Review) July 24th
Greenville, Texas-based Hunt Memorial Hospital District has notified 3,700 patients that their medical records may have been exposed due to a criminal cyberattack.

Louisiana Declares Cybersecurity State of Emergency
(Dark Reading) July 25th
A series of attacks on school districts around the state led Governor John Bel Edwards to issue the declaration that brings new resources and statewide coordination to what had been a collection of local cybersecurity events.

Additional inside sources come forward about Springhill Medical Center Cyber Attack
(NBC 15) July 26th
After learning of the security incident, Springhill Medical Center promptly shut down its network to contain the incident and protect data. Employees were told not to come to work for several days due to department closures.

13,000 NAB customers affected by data breach
(ComputerWorld) July 28th
NAB has begun contacting some 13,000 of its customers to reveal details of a data breach. The bank said that a range of personal information, including names, dates of birth, contact details and in some cases the number of a government-issued ID document, was erroneously uploaded to the servers of two “data service companies”.

Ransomware crooks hit Synology NAS devices with brute-force password attacks
(ZDNet) July 26th
Taiwan-headquartered storage vendor Synology is warning users to strengthen the passwords to their network attached storage (NAS) after several devices — capable of storing terabytes of data — were encrypted by ransomware.
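Strong passwords are the vendor’s advice, but the attack pattern itself (many failed logins from one source in a short window) is also easy to spot in logs. The following is an added example, not Synology’s code or part of the original story: a small sliding-window detector run over constructed, syslog-like login lines. The log format is assumed for illustration and is not the real DSM log format; the threshold and window are arbitrary defaults.

```python
"""Brute-force login detector over constructed log lines.

Added example, not Synology's code. The log format below is a constructed,
syslog-like one (assumed for illustration, not a real DSM format). Any
source IP that accumulates >= threshold failed logins inside a sliding
window of window_seconds is flagged, together with the usernames it tried.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample lines (assumed format, not taken from a real device).
# 203.0.113.5 sprays five accounts in eight seconds; 198.51.100.7 is a user
# who mistypes once, waits, mistypes again, then logs in successfully.
SAMPLE_LOG = """\
2019-07-26T03:12:01Z nas sshd: Failed password for admin from 203.0.113.5
2019-07-26T03:12:03Z nas sshd: Failed password for admin from 203.0.113.5
2019-07-26T03:12:04Z nas sshd: Failed password for root from 203.0.113.5
2019-07-26T03:12:06Z nas sshd: Failed password for admin from 203.0.113.5
2019-07-26T03:12:07Z nas sshd: Failed password for backup from 203.0.113.5
2019-07-26T03:12:09Z nas sshd: Failed password for admin from 198.51.100.7
2019-07-26T03:40:00Z nas sshd: Failed password for alice from 198.51.100.7
2019-07-26T03:41:00Z nas sshd: Accepted password for alice from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, ip) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["user"], m["ip"]


def find_bruteforce(log_text, threshold=5, window_seconds=60):
    """Map each flagged source IP to (failures in window, sorted usernames tried).

    Lines are assumed to arrive in time order. A deque per IP holds the
    failures inside the current window; older entries are dropped as the
    window slides forward, so a slow trickle of typos never reaches threshold.
    """
    attempts = defaultdict(deque)  # ip -> deque of (timestamp, username)
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated or malformed line
        ts, result, user, ip = parsed
        if result != "Failed":
            continue
        q = attempts[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = (len(q), sorted({u for _, u in q}))
    return flagged


if __name__ == "__main__":
    for ip, (count, users) in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures, accounts tried: {', '.join(users)}")
```

On the constructed input the spraying host is flagged with five failures across the admin, backup and root accounts, while the legitimate user’s two failures half an hour apart are not. In practice this kind of detection belongs alongside the device’s own auto-block feature and a second factor, not in place of them.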

Vulnerabilities & Exploits

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
(The Hacker News) July 29th
Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.

Scams use false alerts to target Office 365 users, admins
(SC Magazine) July 23rd
Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams — one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.

Browser Flaws Exposed Local Area Networks at Health, Drug Firms
(HIT Infrastructure) July 24th
Vulnerabilities in Chrome and Firefox browser extensions enabled attackers to access local area networks (LANs) of several healthcare and pharmaceutical companies including AthenaHealth, Epic Systems, Kaiser Permanente, Merck, Pfizer, and Roche.

Slide deck brings BlueKeep exploit closer to the wild
(TechTarget) July 23rd
A Chinese researcher presented details of how to achieve remote code execution with a BlueKeep exploit, and experts now say attacks in the wild are closer than ever.

Android vulnerability lets hackers hijack your phone with malicious videos
(The Next Web) July 24th
If you use a phone running any version of Android between 7.0 and 9.0 (Nougat, Oreo, or Pie), you ought to install the latest security update immediately, or risk having your handset hijacked by a malicious video file.

Risks & Warnings

Flaws in widely used corporate VPNs put company secrets at risk
(Tech Crunch) July 23rd
Researchers have found several security flaws in popular corporate VPNs which they say can be used to silently break into company networks and steal business secrets.

A New ‘Arbitrary File Copy’ Flaw Affects ProFTPD Powered FTP Servers
(The Hacker News) July 23rd
A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide.

APT34 spread malware via LinkedIn invites
(SC Magazine) July 23rd
FireEye researchers identified a phishing campaign by the cyberespionage group APT34, in which the attackers masqueraded as a member of Cambridge University to gain victims’ trust and get them to open malicious documents.

Popular Malware Families Using ‘Process Doppelgänging’ to Evade Detection
(The Hacker News) July 25th
Discovered in late 2017, Process Doppelgänging is a fileless variation of the process injection technique that takes advantage of a built-in Windows function to evade detection and works on all modern versions of the Microsoft Windows operating system.

New Android Spyware Created by Russian Defense Contractor Found in the Wild
(The Hacker News) July 25th
Cybersecurity researchers have uncovered a new piece of mobile surveillance malware believed to be developed by a Russian defense contractor that has been sanctioned for interfering with the 2016 U.S. presidential election.

Receive the next edition of Watchtower’s Weekly InfoSec Roundup directly via email by subscribing here.
