Daily Archives: November 15, 2020

How a move to the cloud can improve disaster recovery plans

COVID-19 and the subsequent global recession have thrown a wrench into IT spending. Many enterprises have placed new purchases on hold. Gartner recently projected that global spending on IT would drop 8% overall this year — and yet dollars allocated to cloud-based services are still expected to rise by approximately 19 percent, bucking that downward trend. Underscoring the relative health of the cloud market, IDC reported that all growth in traditional tech spending will be … More

The post How a move to the cloud can improve disaster recovery plans appeared first on Help Net Security.

Healthcare organizations are sitting ducks for attacks and breaches

Seventy-three percent of health system, hospital and physician organizations report their infrastructures are unprepared to respond to attacks. The survey results estimated 1500 healthcare providers are vulnerable to data breaches of 500 or more records, representing a 300 percent increase over this year. Black Book Market Research surveyed 2,464 security professionals from 705 provider organizations to identify gaps, vulnerabilities and deficiencies that persist in keeping hospitals and physicians proverbial sitting ducks for data breaches and … More

The post Healthcare organizations are sitting ducks for attacks and breaches appeared first on Help Net Security.

Researchers break Intel SGX by creating $30 device to control CPU voltage

Researchers at the University of Birmingham have managed to break Intel SGX, a set of security functions used by Intel processors, by creating a $30 device to control CPU voltage.
Break Intel SGX
The work follows a 2019 project, in which an international team of researchers demonstrated how to break Intel’s security guarantees using software undervolting. This attack, called Plundervolt, used undervolting to induce faults and recover secrets from Intel’s secure enclaves. Intel fixed this … More

The post Researchers break Intel SGX by creating $30 device to control CPU voltage appeared first on Help Net Security.

Managing risk remains a significant challenge

While COVID-19 has created new concerns and deepened traditional challenges for IT, organizations with complete insight and governance of their technology ecosystem are better positioned to achieve their priorities, a Snow Software survey of 1,000 IT leaders and 3,000 workers in the United States, United Kingdom, Germany and Australia reveals.
The challenge of managing risk
In fact, mature technology intelligence – defined as the ability to understand and manage all technology resources – correlated to … More

The post Managing risk remains a significant challenge appeared first on Help Net Security.

Careers in Cybersecurity

Have you considered a career in cybersecurity? It is a fast-paced, highly dynamic field with a huge number of specialties to choose from, including forensics, endpoint security, critical infrastructure, incident response, secure coding, and awareness and training. In addition, a career in cybersecurity allows you to work almost anywhere in the world, with amazing benefits and an opportunity to make a real difference. However, the most exciting thing is you do NOT need a technical background; anyone can get started.

Security teams need visibility into the threats targeting remote workers

Although only 33% of organizations are currently using a dedicated digital experience monitoring solution today, nearly half of IT leaders are now likely to invest in these solutions as a result of the events of 2020, a NetMotion survey reveals.
Digital experience monitoring
In addition, the research revealed that tech leaders tend to overestimate the positive experience of remote workers – with IT estimating the quality of the remote working experience to be 21% higher … More

The post Security teams need visibility into the threats targeting remote workers appeared first on Help Net Security.

7 Challenges that Stand in the Way of Your Compliance Efforts

Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit some time and resources in order to apply security standards and achieve compliance. Even so, organizations encounter […]… Read More

The post 7 Challenges that Stand in the Way of Your Compliance Efforts appeared first on The State of Security.

eBook: The security certification healthcare relies on

Healthcare is a growing field where the importance of security and privacy cannot be overstated. Many security professionals have gravitated toward this dynamic field, enhancing their skills and knowledge by earning the (ISC)² HealthCare Information Security and Privacy Practitioner (HCISPP) credential. Globally recognized and respected, the vendor-neutral HCISPP creates significant advantages for security professionals and the healthcare organizations that employ them. In the new (ISC)² eBook, HCISPPs around the world share how becoming certified has … More

The post eBook: The security certification healthcare relies on appeared first on Help Net Security.

SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of hack known as “credential stuffing.” This cyberattack involves using stolen credentials to log into web-based systems and […]… Read More

The post SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack appeared first on The State of Security.

McAfee’s open API framework enables orgs to respond faster to threats while reducing cost

McAfee announced the launch of MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISION platform that will allow customers to quickly and easily integrate McAfee and trusted Security Innovation Alliance (SIA) partner applications as well as privately developed applications within their current security environment. This enables security teams to swiftly address security gaps in their architecture and easily improve security posture. The newly launched open API framework enables organizations to respond faster … More

The post McAfee’s open API framework enables orgs to respond faster to threats while reducing cost appeared first on Help Net Security.

Immuta and Starburst help orgs automate data governance, access control, and privacy management

Immuta announced a strategic partnership with Starburst, to allow organizations to unlock sensitive data by automating data access control, security, and privacy protection. Joint customers using Immuta and Starburst benefit from faster, safer, more cost-effective analytics and data science initiatives that deliver more value from more data — even the most sensitive. Immuta’s native integration with Starburst will be available in late November for select beta customers. Interested organizations can try Immuta for free for … More

The post Immuta and Starburst help orgs automate data governance, access control, and privacy management appeared first on Help Net Security.

Marriott Breach Takeaway: The M&A Cybersecurity Challenge

After Buying Starwood, Marriott Didn't Spot Long-Running Breach for 2 More Years
Takeaway from the U.K.'s GDPR privacy fine against hotel giant Marriott: During M&A, review an organization's cybersecurity posture before finalizing any acquisition. Because once a deal closes, you're fully responsible for data security - IT network warts and all.

Data-Exfiltrating Ransomware Gangs Pedal False Promises

Thieves Not Honoring 'Pay Us to Delete Stolen Data' Guarantees, Investigators Warn
Victims of crypto-locking malware who pay a ransom to their attackers are paying, on average, more than ever before. But investigators warn that when victims pay for a guarantee that all data stolen during an attack will get deleted, criminals often fail to honor their promises.

Darkside Ransomware Gang Launches Affiliate Program

Using Affiliates Enables Crowdsourced Profits But Leaves Operators More Exposed
Darkside is the latest ransomware operation to announce an affiliate program in which a ransomware operator maintains crypto-locking malware and a ransom payment infrastructure while crowdsourced and vetted affiliates find and infect targets. When a victim pays, the operator and affiliate share the loot.

Banking on Cloud Security

"Better, cheaper, faster." These are the results that banking institutions can receive by shifting security to the cloud, says David Vergara of OneSpan. At a time when multi-channel fraud is surging and the customer experience is paramount, cloud needs serious consideration, he says.

‘ModPipe’ POS Malware Attacking Hospitality Industry

Carefully Crafted Backdoor Targets Specific Oracle Software Used to Store Data
A recently uncovered point-of-sale malware called "ModPipe" is targeting specific Oracle software used by thousands of restaurants and other businesses in the hospitality industry, according to researchers at ESET. This backdoor can then steal sensitive data such as cardholder names.

NIST Exhibits at the 2020 Grace Hopper Conference

NIST will exhibit at the 2020 Grace Hopper Conference. To learn how you can work with NIST, please see our opportunities. Information Technology Laboratory Careers Internships (Current positions open September 4, 2020 and close on Thursday, October 31, 2020) Student Trainee (Computer Science) – ZP1599- I / II Student Trainee (IT Specialist) – ZP2299 – I / II NIST NRC Postdoctoral Program (Two competitions per year, Open December 1 - February 1 and Open June 1 - August 1) Engineering Laboratory PREP Opportunities (Proposed start date: January 2021) Student or Full Time Employment Opportunity In

IEEE International Workshop on Spectrum Sharing Technology for Next Generation Communications

Workshop title: Spectrum Sharing Technology for Next Generation Communications Call for Papers: Due to the ever-increasing demands on wireless communications and limited spectrum resources, spectrum sharing (SS) is being developed as a key solution to alleviate the spectrum scarcity problem in the current and next generation (NG) communication systems. Major notable SS systems include the 5G New Radio Unlicensed (NR-U), unlicensed LTE or License Assisted Access (LAA), Internet of Things (IoT), CBRS 3-tier access, LTE-WLAN Aggregation (LWA), Multefire, and others. They have used various

The North Face website suffered a credential stuffing attack

Retail giant The North Face has reset the passwords for some of its customers in response to a successful credential stuffing attack.

Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th.

Credential stuffing attacks use botnets to try stolen login credentials, usually obtained through phishing attacks and data breaches. This kind of attack is very efficient because users habitually reuse the same password across multiple services.

The threat actors were able to gain access to the accounts of several customers and related personal information. Attackers targeted accounts registered on the thenorthface.com website.

“We care about the security of your personal information, and we are writing to tell you that we have discovered evidence of unauthorized access to some of your personal information. On October 9, 2020, we were alerted to unusual activity involving our website, thenorthface.com, that prompted us to investigate immediately.” reads a notice of data breach issued by the company. “Following a careful investigation, we concluded that a credential stuffing attack had been launched against our website on October 8 and 9, 2020.”

Exposed data included customers’ names, birthdays, telephone numbers, billing and shipping addresses, purchased products, favorited products, email addresses, and VIPeak customer loyalty point total.

The company launched an investigation into the security breach and determined that the attacker had previously obtained customers’ credentials from a source other than The North Face and used them to access accounts on thenorthface.com.

The company pointed out that the attackers were not able to view customers’ financial data.

“If you saved your payment card (credit, debit or stored value card) to your account on thenorthface.com, the attacker was not able to view your payment card number, expiration date, nor your CVV (the short code on the back of your card), because we do not keep a copy of that information on thenorthface.com. We only retain a “token” that we have linked to your payment card, and only our third-party payment card processor retains payment card details.” continues the notice. “The token cannot be used to initiate a purchase anywhere other than on thenorthface.com. Accordingly, your credit card information is not at risk as a result of this incident.”

The attack also resulted in “unauthorized purchases” that were made on thenorthface.com site, and the company offered refunds for any unauthorized purchases.

The company disabled all passwords from accounts that were accessed by hackers and erased all payment card tokens from all accounts on thenorthface.com.

Impacted users will be asked to enter their payment information again and create new passwords the next time they access their accounts on the company’s website.

“Please change your password at thenorthface.com and at all other sites where you use the same password. In addition, we recommend avoiding using easy-to-guess passwords.” concludes the company.

“We strongly encourage you not to use the same password for your account at thenorthface.com that you use on other websites, because if one of those other websites is breached, your email address and password could be used to access your account at thenorthface.com.”

Pierluigi Paganini

(SecurityAffairs – hacking, The North Face)

The post The North Face website suffered a credential stuffing attack appeared first on Security Affairs.

Security Affairs newsletter Round 289

A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free for you in your email box.

Creative Office 365 phishing inverts images to avoid detection bots
Luxottica data breach exposes info of LensCrafters and EyeMed patients
Pwn2Own Tokyo Day 3: Team Flashback crowned Master of Pwn
Compal, the Taiwanese giant laptop manufacturer hit by ransomware
E-commerce platform X-Cart hit by a ransomware attack
FBI warns of attacks on unsecured SonarQube used by US govt agencies and businesses
Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others
xHunt hackers hit Microsoft Exchange with two news backdoors
Adobe fixes flaws in Connect and Reader Mobile
Flaws in WordPress Ultimate Member plugin expose 25K sites to hack
Malicious NPM project steals browser info and Discord accounts
Prestige reservation platform exposes millions of hotel guests
Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike
Tetrade hackers target 112 financial apps with Ghimob banking Trojan
EU bodies agree on new EU export rules for dual-use technology
Former Microsoft worker sentenced to nine years in prison for stealing $10+ million
Google and Mozilla fixed issues exploited at 2020 Tianfu Cup hacking contest
Microsoft Patch Tuesday fixes CVE-2020-17087 currently under active exploitation
Muhstik botnet adds Oracle WebLogic and Drupal exploits
Ragnar Locker ransomware gang advertises Campari hack on Facebook
The alleged decompiled source code of Cobalt Strike toolkit leaked online
46M accounts were impacted in the data breach of childrens online playground Animal Jam
Costaricto APT: Cyber mercenaries use previously undocumented malware
Google addresses two new Chrome zero-day flaws
New modular ModPipe POS Malware targets restaurants and hospitality sectors
Swedish court suspended the ban on Huawei equipment
Hacker stole $2 million worth of Dai cryptocurrency from Akropolis
New TroubleGrabber malware targets Discord users
Security flaws in Schneider Electric PLCs allow full take over
Three APT groups have targeted at least seven COVID-19 vaccine makers
Vertafore data breach exposed data of 27.7 million Texas drivers
Biotech research firm Miltenyi Biotec hit by Mount Locker ransomware
CISA Chief Chris Krebs expects to be fired by the White House
Schneider Electric published a security advisory on Drovorub Linux Malware

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

The post Security Affairs newsletter Round 289 appeared first on Security Affairs.

Chilean-based retail giant Cencosud hit by Egregor Ransomware

Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores; Egregor ransomware appears to be involved.

A ransomware attack, allegedly launched by the Egregor ransomware gang, hit the Chilean-based retail giant Cencosud. The incident impacted operations at its stores.

Cencosud is the largest retail company in Chile and the third largest listed retail company in Latin America, competing with the Brazilian Companhia Brasileira de Distribuição and the Mexican Walmart de México y Centroamérica as one of the largest retail companies in the region. The company has more than 1045 stores in Latin America (Argentina, Brazil, Chile, Colombia, and Peru) with over 140,000 employees and $15 billion in revenue for 2019. The company’s stores include Easy home goods, Jumbo, Paris, Costanera Center, Santa Isabel, Vea, Disco, Metro, Johnson and Shopping Center.

“The Chilean multinational Cencosud (Centros Comerciales Sudamericanos SA) was hacked by cybercriminals who would have in their possession information from customers of supermarkets such as Disco, Jumbo and Vea and would ask for millions of dollars to return it.” reads the post published by the Argentinian media outlet Clarín.

The incident took place this week. According to local media and Bleeping Computer, customers could not use the ‘Cencosud Card’ credit card or pick up their web purchases at the impacted stores due to the ransomware attack.

Clarín’s website pointed out that Cencosud has its own credit card; this means that threat actors could use the stolen information to make purchases and thus steal money from customers.

BleepingComputer was the first to confirm that the retail giant was hit by Egregor ransomware after it obtained the ransom note.

“After learning of the attack, BleepingComputer obtained the ransom note and can confirm it was conducted by Egregor and targeted the ‘Cencosud’ Windows domain.” reported Bleeping Computer.

Egregor ransomware has been active since September as a ransomware-as-a-service operation; many affiliates of the Maze ransomware operation have chosen it after Maze shut down its activities. Some of the victims of the group are Crytek, Barnes and Noble, and Ubisoft.

Malware researchers that collaborate with Bleeping Computer first speculated that other malware, such as Egregor and Sekhmet ransomware, borrows code from Maze ransomware.

Local media also reported that printers in multiple retail outlets in Chile and Argentina began printing out ransom notes while the ransomware was encrypting the systems.

“The ransom note does not provide links to proof of stolen data, but Egregor has a history of stealing unencrypted files before deploying their ransomware.” continues Bleeping Computer.

Pierluigi Paganini

(SecurityAffairs – hacking, Cencosud)

The post Chilean-based retail giant Cencosud hit by Egregor Ransomware appeared first on Security Affairs.

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

A hacker has shared 3.2 million Pluto TV user accounts on a hacking forum for free; he claims they were stolen by the ShinyHunters threat actor.

Pluto TV is an American internet television service. It is an advertiser-supported video on demand (AVOD) service that primarily offers a selection of programming content through digital linear channels designed to emulate the experience of traditional broadcast programming.

The service has over 28 million members.

The data breach appears to be the work of a well-known threat actor named ShinyHunters, who is behind many other security breaches, including the hacks of Microsoft’s private GitHub repository, the popular digital banking app Dave.com, and Animal Jam.

This week, a threat actor shared a database containing 3.2 million Pluto TV user records; he also added that the service was hacked by ShinyHunters.

The dump includes Pluto TV users’ display names, email addresses, bcrypt-hashed passwords, birthdays, device platforms, and IP addresses.

Bleeping Computer, which has validated the authenticity of the archive, reported that the latest record in the database was created on October 12th, 2018.

Pluto TV users are urged to immediately change their passwords. If they use the same password at other sites, it is recommended that they change it there too.

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)

The post ShinyHunters hacked Pluto TV service, 3.2M accounts exposed appeared first on Security Affairs.

Week in review: Cybersecurity workforce gap decreases, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:
Every employee has a cybersecurity blind spot
80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress.
Microsoft advises users to stop using SMS- and voice-based MFA
Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls … More

The post Week in review: Cybersecurity workforce gap decreases, new issue of (IN)SECURE appeared first on Help Net Security.