Daily Cybersecurity Roundup, September 23, 2020
Organizations are often saved from a crisis situation due to timely discovery of a security loophole in their systems. Recently, a researcher saved Town Sports International, the parent company of New York Sports Clubs and Christi’s Fitness gyms, from embarrassment as it was found blurting out about one terabyte of records. Meanwhile, Shopify, the e-commerce giant, hinted at an insider breach incident after its employees were caught red-handed stealing records. On that note, let’s quickly glance through the noteworthy cybersecurity highlights for the day.
An unprotected server at Town Sports International has been exposing around a terabyte of data including financial and personal customer records for almost a year.
Shopify reported a possible data leak of the customers who shopped at fewer than 200 merchants present on its e-commerce platform after two employees attempted to steal transaction records.
Midwest Property Management publicly exposed 1.2 million unencrypted records, allowing anyone to access or modify the data without requiring any administrative credentials.
The official website of the Ukraine National Police was knocked offline after an unidentified intrusion on their network.
Security experts unveiled a phishing campaign replicating the AT&T Global employee login page to steal employee credentials and one-time passwords.
The CISA warned of a significant rise in attacks involving the LokiBot malware—which scans Android devices for credentials—over the past few months.
OldGremlin, a new ransomware gang, was found launching attacks against large corporate networks of banks, medical labs, manufacturers, and software developers in Russia.
The U.S. National Institute of Standards and Technology (NIST) released a new tool called Phish Scale that utilizes real data to evaluate the complexity and quality of unsolicited emails and help organizations comprehend phishing attacks.
Check Point Software announced the acquisition of Odo Security, a cloud cybersecurity start-up, with a vision to redefine secure remote access for enterprises.
Cerberus Cyber Sentinel Corporation, a cybersecurity consulting firm acquired Clear Skies Security, a cybersecurity assessment firm.