Nightfall Weekly InfoSec Roundup: July 23 to July 29

Cyber Attacks & Breaches

  • Customers of Zions Bank notified of data breach
    (The Salt Lake Tribune) July 26th
    Zions Bank sent letters to some of its customers this week notifying them of an online data breach. User names, email addresses, account numbers — as well as Social Security or tax numbers if used as identification — were included in the accessed information.

  • BASF, Siemens, Henkel, Roche target of cyber attacks
    (Reuters) July 24th
    German blue-chip companies BASF, Siemens, Henkel along with a host of others said they had been victims of cyber attacks, confirming a German media report which said the likely culprit was a state-backed Chinese group.

  • Louisiana Declares Cybersecurity State of Emergency
    (Dark Reading) July 25th
    A series of attacks on school districts around the state led Governor John Bel Edwards to issue the declaration that brings new resources and statewide coordination to what had been a collection of local cybersecurity events.

  • 13,000 NAB customers affected by data breach
    (ComputerWorld) July 28th
    NAB has begun contacting some 13,000 of its customers revealing details of a data breach. The bank said that a range of personal information including names, dates of birth, contact details and in some cases, the number of a government-issued ID documents, was erroneously uploaded to the servers of two “data service companies”.

  • Ransomware crooks hit Synology NAS devices with brute-force password attacks
    (ZDNet) July 26th
    Taiwan-headquartered storage vendor Synology is warning users to strengthen the passwords to their network attached storage (NAS) after several devices — capable of storing terabytes of data — were encrypted by ransomware.

Vulnerabilities & Exploits

  • Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
    (The Hacker News) July 29th
    Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.

  • Scams use false alerts to target Office 365 users, admins
    (SC Magazine) July 23rd
    Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.

  • Browser Flaws Exposed Local Area Networks at Health, Drug Firms
    (HIT Infrastructure) July 24th
    Vulnerabilities in Chrome and Firefox browser extensions enabled attackers to access local area networks (LANs) of several healthcare and pharmaceutical companies including AthenaHealth, Epic Systems, Kaiser Permanente, Merck, Pfizer, and Roche.

Risks & Warnings

  • APT34 spread malware via LinkedIn invites
    (SC Magazine) July 23rd
    FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents.

 

Join us next week for the next edition of Nightfall’s Weekly InfoSec Roundup!

Download Best WordPress Themes Free Download
Download Best WordPress Themes Free Download
Free Download WordPress Themes
Download WordPress Themes
ZG93bmxvYWQgbHluZGEgY291cnNlIGZyZWU=
download xiomi firmware
Download Nulled WordPress Themes
lynda course free download