Watchtower's Weekly InfoSec Round-up: August 13 to August 19


In the Watchtower Weekly InfoSec Roundup, we summarize the latest information security news, breaches, vulnerabilities & advancements. In this week's edition:

  • Database leaked 1M fingerprints.

  • Critical flaw affects all Windows devices.

  • Cerberus banking trojan for rent.

Read these stories and other timely infosec news below.

Cyber Attacks & Breaches

  • BioStar 2 database leaked one million fingerprints, facial recognition data
    (SC Magazine) August 14th
    A breach in a database of biometric security smart lock platform Suprema BioStar 2 exposed more than one million fingerprint records as well as facial recognition information and other sensitive data. The web-based system is used by the likes of the U.K. Metropolitan Police to control access to physical facilities and manage users permissions. 

  • Hackers Demand $1M in Grays Harbor Ransomware Attack
    (Health IT Security) August 14th
    Hackers infected Washington-based Grays Harbor Community Hospital and Harbor Medical Group with ransomware and demanded a payment of $1 million to unlock patient files, according to a report from the Daily World.

  • Ransomware strike takes down 23 Texas local government agencies
    (ars Technica) August 19th
    Early on August 16, a total of 23 local government organizations in Texas were hit by a coordinated ransomware attack. The type of ransomware has not been revealed, and Texas officials asserted that no state networks were compromised in the attack.

  • Data breach: ASU accidentally reveals email addresses of 4,000 students
    (AZ Family) August 19th
    Arizona State University has notified 4,000 students that their email addresses "were accidentally revealed" in a large data breach. ASU told the students on Aug. 16 it happened in late July when a university office sent bulk emails about renewing health insurance coverage without masking the identities of the recipients.

  • 700K Guest Records Stolen in Choice Hotels Breach
    (Dark Reading) August 13th
    Hotel franchisor Choice Hotels has confirmed a breach in which attackers stole 700,000 guest records from a publicly available MongoDB database without a password or any authentication.

  • Hy-Vee investigates possible 'data breach'
    (KETV Omaha) August 14th
    HyVee officials said they are investigating a possible “data incident” involving its payment processing systems. HyVee said the possible breach focuses on transactions at some fuel pumps, drive-thru coffee shops and restaurants, including Market Grilles, Market Grille Expresses and the Wahlburgers locations that HyVee owns and operates.

    (Knox Radio) August 13th
    The FBI is investigating a data breach affecting about 18,500 current and former Bismarck Public Schools students and nearly 1,100 employees.

Vulnerabilities & Exploits

  • Security Flaws Discovered in 40 Microsoft-Certified Device Drivers
    (Dark Reading) August 12th
    A security researcher showed that device drivers — the small utility applications that allow particular pieces of hardware to work with an operating system — can bridge critical gaps for legitimate hardware and malicious hackers alike.

  • 8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
    (The Hacker News) August 14th
    Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. 

Risks & Warnings

  • Cerberus: A New Android 'Banking Malware For Rent' Emerges
    (The Hacker News) August 13th
    After a few popular Android Trojans like Anubis, Red Alert 2.0, GM bot, and Exobot, quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering Android bot rental service to the masses. 

Receive the next edition of Watchtower’s Weekly InfoSec Roundup directly via email by subscribing here.

Watchtower's Weekly InfoSec Round-up: August 5 to August 12


In the Watchtower Weekly InfoSec Roundup, we summarize the latest information security news, breaches, vulnerabilities & advancements. In this week's edition:

  • Regulators eye Twitter data breach.

  • 23 Million user records exposed online.

  • Warshipping giving hackers corporate access.

Read these stories and other timely infosec news below.

Cyber Attacks & Breaches

  • Regulator eyes Twitter data breach alerts
    (The Times UK) August 11th
    The Irish Data Protection Commission has confirmed that it is assessing a data- breach notification from Twitter after its misuse of user data in Europe.

  • Data breach: 23 million user records hacked and shared online
    (Komando) August 7th
    T-shirt seller CafePress has asked its customers to reset their passwords as part of an updated "password policy." But the email request came after it was reported that the data of 23.2 million people had been exposed following a system hack in February.

  • State Farm Suffers Data Breach
    (Security Magazine) August 8th
    State Farm, the insurance provider in the US, has been compromised in a credential stuffing attack, according to a news report. The firm, acknowledged the cyberattack, filing a data breach notification with the California Attorney General.

  • SEC Investigating Data Leak at First American Financial Corp.
    (Krebs on Security) August 12th
    The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records.

  • Threesome app exposes user data, locations from London to the White House
    (ZDNet) August 9th
    This "privacy trainwreck" not only exposed the near real-time location of users, but also leaked dates of birth, sexual preferences, chat information, and private pictures, even if the user has enabled some form of privacy. Currently, 3Fun claims 1.5 million users worldwide. 

  • Data Breach Exposes Personal Info for 53,000 Illinois Students
    (Center for Digital Education) August 7th
    Nearly 53,000 students and 3,100 educators in Naperville were affected by the breach, which occurred at a company that handles the districts’ K-8 academic assessments. The company said there’s been no evidence of misuse.

  • Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty On Blackmailer
    (The Hacker News) August 7th
    Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have and will release the data of thousands of its customers if the company did not pay 300 Bitcoins.

  • FDNY: EMS patient data possibly compromised
    (Queens Chronicle) (Queens Chronicle)
    The FDNY is in the process of notifying more than 10,000 patients who have been treated or transported by department EMS personnel that their personal information — including Social Security numbers in an estimated 3,000 cases — may have been potentially compromised when an employee’s external hard drive went missing.

  • Suspected Data Breach May Have Affected 15,000 County Workers
    (Techwire) August 6th
    A suspected data breach may have compromised the personal information of as many as 15,298 current and former Kern County government employees and their dependents, a government spokeswoman said.

  • 2 Misconfigured Databases Breach Sensitive Data of Nearly 90K Patients
    (Health IT Security) August 7th
    A trove of patient information was breached during two separate security incidents; health vendor Medico and Amarin Pharma recently confirmed misconfigured databases put patient data at risk.

Vulnerabilities & Exploits

Risks & Warnings

Receive the next edition of Watchtower’s Weekly InfoSec Roundup directly via email by subscribing here.

Up to Speed on AI and Deep Learning: July 25 to August 7


In the Watchtower’s Up to Speed on AI and Deep Learning, we summarize the latest news, research, technology, and applications of AI and Deep Learning. In this week's edition:

  • Self-driving cars being trained like StarCraft II bots. 

  • 17 ways data science is demystifying the unknown.

  • AI-powered bar uses facial recognition to serve customers. 

Read these stories and other timely AI and Deep Learning news below.


  • Google’s DeepMind is training Waymo’s self-driving cars like StarCraft II bots
    (Digital Trends)
    DeepMind is teaming up with Waymo, a fellow unit of Google parent Alphabet, to train self-driving cars, using the same method that was created to teach artificial intelligence bots how to play StarCraft II. Waymo’s self-driving vehicles utilize neural networks to carry out tasks such as detecting objects on the road, predicting how other cars will behave, and planning its next moves. Training the neural networks has required “weeks of fine-tuning and experimentation, as well as enormous amounts of computational power.

  • China has started a grand experiment in AI education. It could reshape how the world learns.
    (MIT Technology Review)
    Experts agree AI will be important in 21st-century education—but how? While academics have puzzled over best practices, China hasn’t waited around. In the last few years, the country’s investment in AI-enabled teaching and learning has exploded. Tech giants, startups, and education incumbents have all jumped in. Tens of millions of students now use some form of AI to learn.

    Data scientists have changed almost every industry. In medicine, their algorithms help predict patient side effects. In sports, their models and metrics have redefined “athletic potential.” Data science has even tackled traffic, with route-optimizing models that capture typical rush hours and weekend lulls. 

  • Facebook empowers OpenStreetMap community with AI-enhanced tools
    (Tech Crunch)
    If we’re going to map the world, we’re not going to do it with ever-greater volumes of elbow grease. There’s just too much work to do. AI and computer vision are helpful assistants in this task, however, as a Facebook effort has shown, laying down hundreds of thousands of miles of previously unmapped roads in Thailand and other less well-covered countries.

  • Machine Learning Helps Discover New Polymers Which Can Be Used For 5G Connectivity
    (Analytics India Magazine)
    Over the last few years, the chances of creating new conducting polymers with the help of machine learning have caught the attention of many researchers in the field of chemistry. Now, a team of researchers has discovered a new kind of polymer which contains high thermal conductivity and can be beneficial to the 5G mobile communication technologies.

Research and Tutorials 

  • Are We Really Making Much Progress? A Worrying Analysis of Recent Neural Recommendation Approaches
    Deep learning techniques have become the method of choice for researchers working on algorithmic aspects of recommender systems. With the strongly increased interest in machine learning in general, it has, as a result, become difficult to keep track of what represents the state-of-the-art at the moment, e.g., for top-n recommendation tasks. At the same time, several recent publications point out problems in today's research practice in applied machine learning, e.g., in terms of the reproducibility of the results or the choice of the baselines when proposing new models. In this work, the authors report the results of a systematic analysis of algorithmic proposals for top-n recommendation tasks. Specifically, they considered 18 algorithms that were presented at top-level research conferences in the last years.

  • ERNIE 2.0: A Continual Pre-training Framework for Language Understanding
    Recently, pre-trained models have achieved state-of-the-art results in various language understanding tasks, which indicates that pre-training on large-scale corpora may play a crucial role in natural language processing. Current pre-training procedures usually focus on training the model with several simple tasks to grasp the co-occurrence of words or sentences. However, besides co-occurring, there exists other valuable lexical, syntactic and semantic information in training corpora, such as named entity, semantic closeness, and discourse relations. In order to extract to the fullest extent, the lexical, syntactic and semantic information from training corpora, the authors propose a continual pre-training framework named ERNIE 2.0 which builds and learns incrementally pre-training tasks through constant multi-task learning. 

  • RoBERTa: A Robustly Optimized BERT Pretraining Approach
    Language model pretraining has led to significant performance gains but careful comparison between different approaches is challenging. Training is computationally expensive, often done on private datasets of different sizes, and, as the authors will show, hyperparameter choices have significant impact on the final results. They present a replication study of BERT pretraining (Devlin et al., 2019) that carefully measures the impact of many key hyperparameters and training data size. They find that BERT was significantly undertrained, and can match or exceed the performance of every model published after it.

AI and ML in Society

  • AI and Bionic Eyes Are Helping to Contain Raging Wildfires
    In a tower in the Brazilian rain forest, a sentinel scans the horizon for the first signs of fire. Only these eyes aren’t human. They don’t blink or take breaks, and guided by artificial intelligence they can tell the difference between a dust cloud, an insect swarm and a plume of smoke that demands quick attention. In Brazil, the devices help keep mining giant Vale SA working, and protect trees for pulp and paper producer Suzano SA.

    (The Tech Edvocate)
    Mental health problems like anxiety and depression can interfere with a student’s studies and hinder performance. Depression is associated with poor academic performance and dropping out of school. Traditionally clinicians have interviewed patients, asking questions about mood, lifestyle, and previous mental problems to identify whether a patient is depressed or not. That method might be something of the past. Machine learning might step in to diagnose depression in patients.

  • Understanding Explainable AI
    As artificial intelligence becomes an increasing part of our daily lives and we are finding that the need to trust these AI based systems with all manner of decision making and predictions is paramount. The sorts of decisions and predictions being made by AI-enabled systems is becoming much more profound, and in many cases, critical to life, death, and personal wellness.

Receive the next edition of Up to Speed on AI and Deep Learning directly via email by subscribing here.

Watchtower's Weekly InfoSec Round-up: July 30 to August 5


In the Watchtower Weekly InfoSec Roundup, we summarize the latest information security news, breaches, vulnerabilities & advancements. In this week's edition:

  • Data breach affects 183,000 patients.

  • 200 Million devices vulnerable to takeover.

  • New ways to hack WPA3 protected wifi passwords.

Read these stories and other timely infosec news below.

Cyber Attacks & Breaches

  • Stockx was Hacked, Exposing Millions of User Records
    (Tech Crunch) August 3rd
    An unnamed data breached seller contacted TechCrunch claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data.

  • A cyber-attack gets $700,000 from the City of Naples
    (FOX 4) August 1st
    Fox 4 has confirmed a major cyber-attack on one of Southwest Florida’s most prominent cities. Naples City Manager Charles T. Chapman IV tells Fox 4 the city was the victim of a criminal cyber-attack. He says the thieves got away with $700,000.

  • Clothing Resale Marketplace Poshmark Announces Data Breach
    (Vice) August 1st
    Poshmark, a website focused on letting people sell used clothes, announced hackers had stolen data from the company. The information stolen includes a customer's username, first and last name, gender, city, clothes size preference, email address, and hashed password, according to the announcement.

  • Sephora reports data breach, but few details
    (SC Magazine) July 30th
    Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The company does not believe any credit card information was involved nor that any of the data exposed has been used in a malicious manner.

  • Nevada students’ information exposed in data breach
    (Las Vegas Review Journal) August 1st
    More than 650,000 Nevada students had personal information exposed in a data breach announced by the state’s two largest school districts, prompting internet safety advocates to urge parental caution with products children use online.

  • 1M Payment Cards Exposed in South Korea Breach
    (Dark Reading) August 1st
    Researchers have detected a significant uptick in the amount of South Korean-issued payment card records, with more than 1 million posted for sale on the Dark Web since May 29.

Vulnerabilities & Exploits

  • Chrome 76 Patches 43 Vulnerabilities
    (SecurityWeek) July 31st
    Google this week released Chrome 76 to the stable channel with 43 security fixes inside, as well as with other safety and privacy enhancements. 

  • DHS Alerts to Remote Vulnerabilities in Multiple VPN Applications
    (Health IT Security) July 30th
    Vulnerabilities found in Palo Alto Networks, FortiGuard, and Pulse Secure Virtual Private Network (VPN) applications could allow a remote attack to take control of the affected systems, according to a recent alert from the Department of Homeland Security.

Risks & Warnings

  • Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords
    (The Hacker News) August 3rd
    A team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords.

  • U.S. Issues Hacking Security Alert for Small Planes
    (SecurityWeek) July 30th
    The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.

  • New Mirai botnet lurks in the Tor network to stay under the radar
    (ZDNet) August 1st
    A new variant of the Mirai botnet has been discovered which utilizes the Tor network to prevent command server takedowns or seizure. Mirai is an Internet of Things (IoT) botnet which has been used in distributed denial-of-service (DDoS) attacks in the past against prominent websites.

  • New Lord exploit kit is spreading 'Eric' ransomware, according to Malwarebytes
    (computing) August 5th
    Cybersecurity firm Malwarebytes has warned about a new exploit kit, named Lord, which is spreading ransomware via compromised websites. Lord EK was first spotted on 1st August and it was concluded that this exploit kit was part of a malvertising chain (via the PopCash ad network), using a compromised site to redirect potential victims to a malicious landing page.

    Receive the next edition of Watchtower’s Weekly InfoSec Roundup directly via email by subscribing here.

Watchtower Weekly InfoSec Roundup: July 23 to July 29


In the Watchtower Weekly InfoSec Roundup, we summarize the latest information security news, breaches, vulnerabilities & advancements. In this week's edition:

  • Capital One breach affecting 100 million customers.

  • Critical flaw found that powers 2 billion devices.

  • Malware spreads via LinkedIn.

Read these stories and other timely infosec news below.

Cyber Attacks & Breaches

  • Customers of Zions Bank notified of data breach
    (The Salt Lake Tribune) July 26th
    Zions Bank sent letters to some of its customers this week notifying them of an online data breach. User names, email addresses, account numbers — as well as Social Security or tax numbers if used as identification — were included in the accessed information.

  • BASF, Siemens, Henkel, Roche target of cyber attacks
    (Reuters) July 24th
    German blue-chip companies BASF, Siemens, Henkel along with a host of others said they had been victims of cyber attacks, confirming a German media report which said the likely culprit was a state-backed Chinese group.

  • Louisiana Declares Cybersecurity State of Emergency
    (Dark Reading) July 25th 
    A series of attacks on school districts around the state led Governor John Bel Edwards to issue the declaration that brings new resources and statewide coordination to what had been a collection of local cybersecurity events.

  • 13,000 NAB customers affected by data breach
    (ComputerWorld) July 28th
    NAB has begun contacting some 13,000 of its customers revealing details of a data breach. The bank said that a range of personal information including names, dates of birth, contact details and in some cases, the number of a government-issued ID documents, was erroneously uploaded to the servers of two “data service companies”.

Vulnerabilities & Exploits

  • Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
    (The Hacker News) July 29th
    Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.

  • Scams use false alerts to target Office 365 users, admins
    (SC Magazine) July 23rd
    Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.

  • Browser Flaws Exposed Local Area Networks at Health, Drug Firms
    (HIT Infrastructure) July 24th
    Vulnerabilities in Chrome and Firefox browser extensions enabled attackers to access local area networks (LANs) of several healthcare and pharmaceutical companies including AthenaHealth, Epic Systems, Kaiser Permanente, Merck, Pfizer, and Roche.

Risks & Warnings

  • APT34 spread malware via LinkedIn invites
    (SC Magazine) July 23rd
    FireEye researchers identified a phishing campaign conducted by the cyberespionage group APT34 masquerading as a member of Cambridge University to gain their victim’s trust to open malicious documents.

Join us next week for the next edition of Watchtower’s Weekly InfoSec Roundup!

Loading more posts…