Watchtower Weekly InfoSec Roundup: July 23 to July 29

Watchtower Weekly InfoSec Roundup: July 23 to July 29

Cyber Attacks & Breaches

  • Customers of Zions Bank notified of data breach

    (The Salt Lake Tribune) July 26th

    Zions Bank sent letters to some of its customers this week notifying them of an online data breach. User names, email addresses, account numbers — as well as Social Security or tax numbers if used as identification — were included in the accessed information.

  • BASF, Siemens, Henkel, Roche target of cyber attacks

    (Reuters) July 24th

    German blue-chip companies BASF, Siemens, Henkel along with a host of others said they had been victims of cyber attacks, confirming a German media report which said the likely culprit was a state-backed Chinese group.

  • Louisiana Declares Cybersecurity State of Emergency

    (Dark Reading) July 25th 

    A series of attacks on school districts around the state led Governor John Bel Edwards to issue the declaration that brings new resources and statewide coordination to what had been a collection of local cybersecurity events.

  • 13,000 NAB customers affected by data breach

    (ComputerWorld) July 28th

    NAB has begun contacting some 13,000 of its customers revealing details of a data breach. The bank said that a range of personal information including names, dates of birth, contact details and in some cases, the number of a government-issued ID documents, was erroneously uploaded to the servers of two “data service companies”.

  • Ransomware crooks hit Synology NAS devices with brute-force password attacks

    (ZDNet) July 26th

    Taiwan-headquartered storage vendor Synology is warning users to strengthen the passwords to their network attached storage (NAS) after several devices — capable of storing terabytes of data — were encrypted by ransomware. 


jefferson-santos-9SoCnyQmkzI-unsplash.jpg


Vulnerabilities & Exploits

  • Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

    (The Hacker News) July 29th

    Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.

  • Scams use false alerts to target Office 365 users, admins

    (SC Magazine) July 23rd

    Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.

  • Browser Flaws Exposed Local Area Networks at Health, Drug Firms

    (HIT Infrastructure) July 24th

    Vulnerabilities in Chrome and Firefox browser extensions enabled attackers to access local area networks (LANs) of several healthcare and pharmaceutical companies including AthenaHealth, Epic Systems, Kaiser Permanente, Merck, Pfizer, and Roche.

LinkedIn_logo.png

Risks & Warnings

  • APT34 spread malware via LinkedIn invites

    (SC Magazine) July 23rd

    FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents.

Join us next week for the next edition of Watchtower’s Weekly InfoSec Roundup!


 
 

Interested in learning more about Watchtower?

Watchtower Weekly InfoSec Roundup: July 30 to August 5

Watchtower Weekly InfoSec Roundup: July 30 to August 5

Up to Speed on AI and Deep Learning: July 12 to July 24

Up to Speed on AI and Deep Learning: July 12 to July 24