The Security Digest: #88 – Security Boulevard

A software misconfiguration briefly allowed a hacker to send out thousands of fake emails from an email account. Over 1 Million customers were affected by GoDaddy’s latest data breach. California Pizza Kitchen is under fire for a large database breach that leaked thousands of SSNs. Researchers have found that threat actors are hacking Microsoft Exchange servers.

Over 1 Million People Affected in GoDaddy’s Latest Breach

  • This past Monday, GoDaddy, the world’s largest domain registrar, disclosed that 1.2 million customers were affected by the company’s fifth database breach since 2018. An “unauthorized third party” was able to hack into the company’s systems on Sept. 6 and went unnoticed until Nov. 17. “We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, GoDaddy CISO, said in the website notice. Read more at ThreatPost.

Burnt: California Pizza Kitchen’s Data Breach

  • California Pizza Kitchen (CPK) recently announced a widespread data breach that leaked 100,000+ Social Security numbers belonging to current and former employees. CPK determined in early October that “cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.” Read more at TechCrunch.

FBI Hoax Email Blast

  • On Nov. 13, the Federal Bureau of Investigation confirmed that its domain name and Internet address were used to send out thousands of fake emails about a cybercrime investigation. Someone claiming responsibility for the email blasts explained that it was accomplished by manipulating weak code in an “FBI online portal designed to share information with state and local law enforcement authorities.” Read more at KrebsOnSecurity.

Microsoft Exchange Servers Hacked

  • Trend Micro researchers have found that threat actors are hacking Microsoft Exchange servers by exploiting the ProxyShell and ProxyLogon vulnerabilities, then distributing malware and bypassing detection by replying to stolen internal email threads (reply-chain emails). The threat actors were able to distribute malicious emails to a company’s…