Security News
A software vendor specializing in record-keeping tools for plastic surgery clinics poorly secured a storage bucket hosted by Amazon Web Services containing hundreds of thousands of sensitive patient photos and records. Infosec outfit ClearSky claims it has evidence of Iranian hackers, likely state backed, breaking into "Dozens of companies around the world in the past three years" by exploiting "Known vulnerabilities in systems with unpatched VPN and RDP services." The miscreants target businesses that provide IT services to others, allowing the intruders to menace thousands of customers, we're told.
Global Cloud Xchange, the leading provider of global managed next-generation networks, announced the extension of its relationship with global automotive supplier Autoneum through a new three-year managed network agreement. With the renewed contract, GCX will proceed to transform Autoneum's business-critical Wide Area Network to embrace next-generation network technologies like SD-WAN. "Proceeding on our digitalization journey, we need to extend our flexibility in shifting workloads between Clouds or on-premises. Global real-time collaboration among employees and external partners using innovative new technologies is key."
Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you've been putting off. Such as picking proper passwords, turning on two-factor authentication, downloading the latest security updates, making backups of your most important files, and revisiting your privacy settings in case you're oversharing by mistake?
Note that it's more than just One Safe Internet Day, where you spend 24 hours taking security seriously, only to fall back on bad habits the day after. As the old saying goes, "Cybersecurity is a journey, not a destination," and that's why we have SAFER internet day - it's all about getting BETTER at cybersecurity, no matter how safe you think you are already.
Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe. The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says.
Iran repelled a cyberattack on Saturday that disrupted the country's internet services for an hour, a telecommunications ministry official said. "At 11:44 a distributed denial-of-service attack disrupted the internet services of some mobile and fixed operators for an hour," tweeted Sajad Bonabi.
A 29-year-old Russian scumbag has admitted masterminding the Cardplanet underworld marketplace as well as a second forum for elite fraudsters. Aleksei Burkov appeared in a US federal district court in Virginia this week to plead guilty [PDF] to access device fraud, and conspiracy to commit computer intrusion, identity theft, wire and access device fraud, and money laundering.
Five identical Elasticsearch databases containing 250 million records of Microsoft customer support incidents were exposed on the internet for all to see for at least two days right at the end of 2019. What data was published? These are logs of customer service and support interactions between 2005 and now.
ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks. Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.