Nightfall InfoSec Roundup: February 17 to February 24
Details of 10.6 Million MGM Hotel Guests Posted on a Hacking Forum
The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.
Vinyl cover maker Slickwraps coughs up customer info in a data breach
In an email sent to customers this morning, Slickwraps says an “unauthorized party” accessed its private databases, and obtained customer names, emails and addresses. Slickwraps claims passwords and credit card information weren’t compromised. “We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward…”
Facilities Maintenance Firm Recovering From Malware Attack
Exploits & Vulnerabilities
PayPal ‘Critical’ Login Hack: New Report Warns You Are At Risk From Thieves-Here’s The Reality
Google Chrome 80 Security Warning: U.S. Government Says Update Again
The Cybersecurity and Infrastructure Security Agency is encouraging Google users to update again just weeks after the Chrome 80 release. Heres what you need to know. Earlier this month, version 80 of the Google Chrome browser was released. A release that caused something of an immediate kerfuffle with warnings that cookie changes could break stuff, and even potential new privacy concerns.
Google Is Letting People Find Invites to Some Private WhatsApp Groups
Google is indexing invite links to WhatsApp group chats whose administrators may want to be private. This means with a simple search, random people can discover and join a wide range of WhatsApp group chats. “Your WhatsApp groups may not be as secure as you think they are,” Jordan Wildon, a multimedia journalist for German outlet Deutsche Welle, tweeted on Friday.
7 of the World’s Top 10 Open Source Packages Come with This Warning
Three API security risks in the wake of the Facebook breach
Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted in the theft of 30 million authentication tokens and almost as much personally identifiable information. A “View As” feature that enabled developers to render user pages also let attackers obtain the user’s access token.
Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
A critical flaw in the High Availability (HA) service of Cisco Smart Software Manager On-Prem Base has been uncovered, which would open the door to remote attackers thanks to its use of a static, default password, even if the platform isn’t directly connected to the internet.
Ongoing Risks & Threats
The State of Cybersecurity in 2020: Five Key Trends
Municipal Cyberattacks Put Us All at Risk: What Can We Learn From Previous Attacks?
High-risk vulnerabilities and public cloud-based attacks on the rise
A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index.
Is your IT partner your biggest cybersecurity threat?
Numerous accounts of IT service provider and MSP breach are now being reported worldwide, and once the IT service provider is breached, so are their clients networks. Think about the access your IT service provider has to your systems, the passwords they hold, the direct access they have to your servers, systems, cloud platforms and data.