“Thousands of emails were stolen” from four senior aides to the National Republican Congressional Committee (NRCC), the campaign arm for House Republicans, during the 2018 midterm campaign. MSSP first detected the hack and then CrowdStrike was brought into it in April to investigate the “unauthorized access.” The emails were not made public and no other personal information or donor details are believed to have been affected by the hack. The FBI is investigating.
Other cybersecurity news:
Canada’s 1-800-Flowers hacked
Four flipping years — not only was that how long baddies had access to Marriott’s Starwood’s guest reservation database before being noticed, but it’s also how long it took the Canadian branch of 1-800-Flowers to realize an unauthorized actor had access to website customers’ payment card data. The breach notification (pdf) sent to the California attorney general’s office revealed the attacker had access to payment card data from Aug. 15, 2014, to Sept. 15, 2018. Stolen data included names, payment card numbers, expiration dates, and security codes for about 75,000 Canadian flower shoppers.
Out-of-band patch the Adobe Flash zero-day
Critical Kubernetes vulnerability
While in patching mode, if you don’t have automatic updates turned on for Kubernetes, then you should get on patching your Kubernetes installations immediately to close a critical privilege escalation flaw. It’s a “big deal” and could allow a threat actor to not only “steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”
Citrix forced password reset for ShareFile
About those Citrix forced password reset notifications, Citrix claimed it is “not in response to a breach” at Citrix or ShareFile. Instead, “regularly-scheduled, forced password resets” are now part of its “normal operating procedures.”
Government-backed hacking group using malicious Chrome extension
A nation state APT group that appears to be out of North Korea has been using a malicious Google Chrome extension that, after victims install, allows the cyber-espionage group to gain a foothold and then use “off-the-shelf tools to ensure persistence, including Remote Desktop Protocol (RDP) to maintain access.”
‘London Blue’ scammer group has list of 50,000 execs to target
The security company Agari discovered a scammer group’s list of 50,000 executives. Seventy-one percent of the names on London Blue’s database list are chief financial officers; the rest were primarily other finance heads and executive assistants from companies located all over the globe, but mostly from the U.S., the U.K., Spain, Finland, the Netherlands, and Mexico.
US-CERT SamSam ransomware alert
The FBI and DHS issued a SamSam ransomware alert via US-CERT. SamSam, for example, is what whacked and managed to cripple the City of Atlanta. The alert, which comes on the heels of the Department of Justice’s indictment of two Iranians behind SamSam attacks, includes a list of 14 mitigations
DuckDuckGo claims Google delivers personalized results even for logged-out incognito users
After conducting a study, DuckDuckGo determined that Google users are trapped in a filter bubble that delivers personalized results for users who are logged out of Google, even if they use incognito mode.
Creepy Line explains how Google and Facebook manipulate the public
Check out this documentary for more about the “creepy line,” which examines “what Google and Facebook do once they control a user’s data. Not only is this data sold to the highest bidder, but it is used it to mold, massage, and manipulate the public consciousness while influencing opinion on a vast scale — all with the goal of transforming society to fit their worldview.”
Update Vtech tablet to stop hackers from watching your kids
Speaking of creepy, if your kids have a Vtech “safe” tablet, specifically either the InnoTab Max or the Storio Max device, then heed the reminder to upgrade the software unless you actually want hackers watching your kids via the webcam. The flaw could potentially allow hackers to gain remote access and “be able to monitor the child, listen to them, talk to them, have full access and control of the device.”