Security News > 2020 > October

Singapore's largest online grocery store Lazada RedMart has suffered a data breach after 1.1 million user accounts were put up for sale on a hacker forum. Hackers selling the illicit data dumps told BleepingComputer they had obtained Lazada's MongoDB-based data set with data from over 1.1 million RedMart accounts.

Hackers have stolen $2.3 million from the Wisconsin Republican Party's account that was being used to help reelect President Donald Trump in the key battleground state, the party's chairman told The Associated Press on Thursday. The party noticed the suspicious activity on Oct. 22 and contacted the FBI on Friday, said Republican Party Chairman Andrew Hitt.

Universal Health Services, a Fortune 500 hospital and healthcare services provider, says that it has managed to restore systems after a September Ryuk ransomware attack. The ransomware attack, which the healthcare provider refers to as a "Security incident", took place during the early hours of Sunday, September 27, and it forced UHS employees to shut down all systems to block the malware from spreading to unaffected network systems.

NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance.

How can you identify when someone feels the need to offer advice, even if they have nothing of value to offer? Or, how can you identify when someone thinks they have something of value to offer but doesn't realize how unhelpful it is? Lastly, how can you identify when a piece of advice truly is a good one? In this spirit, I'd like to offer five angles that one can use to evaluate whether a piece of advice is good or bad. 1. What does the person giving the advice stand to gain from the situation? What possible reasons could a person have for giving you a particular piece of advice? What do you stand to lose from implementing the advice? What risk are you taking by listening to the advice?

Threat actors continue to exploit the Microsoft Zerologon vulnerability, a situation that's been a persistent worry to both the company and the U.S. government over the last few months. Despite patching awareness efforts, Microsoft said it is still receiving "a small number of reports from customers and others" about active exploits of the bug tracked as CVE-2020-1472, or Zerologon, according to a blog post by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.

Starting on Friday, US high school students can register to participate in CyberStart America, an online puzzle-solving game designed to identify cybersecurity talent and qualify participants for an opportunity to compete in the National Cyber Scholarship Competition next year. The CyberStart America program, sponsored by the National Cyber Scholarship Foundation, aims to find students with an affinity for security-oriented challenges in the hope of steering them toward careers defending US organizations.

In a report published this week, HackerOne reveals that XSS flaws accounted for 18% of all reported issues, and that the bounties companies paid for these bugs went up 26% from last year, reaching $4.2 million. The second most awarded vulnerability type in 2020, HackerOne says, is Improper Access Control, which saw a 134% increase in occurrence compared to 2019, with a total of $4 million paid by companies in bug bounty rewards.

Red Hat announced Red Hat Enterprise Linux 8.3, the latest version of its enterprise Linux platform. To support these needs, Red Hat Enterprise Linux 8.3 further expands Red Hat System Roles which provide prescriptive and automated ways for operating system-specific configurations.

A security company wedded to the back-to-basics approach on this is password and authentication specialist Specops, which recommends starting with an audit using the company's Password Auditor, a Windows Active Directory tool which can be downloaded free of charge to generate a risk score report. Without making any changes, the tool analyses the AD password policies it finds, checking a range of attributes such as length, password rules such as minimum length, lockout policy, password age, how many have expired, and how a policy compares to industry best practice.