The National Republican Congressional Committee's email system was hacked leading up to midterm elections. Credit: Valery Brozhinsky / Getty Images “Thousands of emails were stolen” from four senior aides to the National Republican Congressional Committee (NRCC), the campaign arm for House Republicans, during the 2018 midterm campaign. MSSP first detected the hack and then CrowdStrike was brought into it in April to investigate the “unauthorized access.” The emails were not made public and no other personal information or donor details are believed to have been affected by the hack. The FBI is investigating.Other cybersecurity news:Canada’s 1-800-Flowers hackedFour flipping years — not only was that how long baddies had access to Marriott’s Starwood’s guest reservation database before being noticed, but it’s also how long it took the Canadian branch of 1-800-Flowers to realize an unauthorized actor had access to website customers’ payment card data. The breach notification (pdf) sent to the California attorney general’s office revealed the attacker had access to payment card data from Aug. 15, 2014, to Sept. 15, 2018. Stolen data included names, payment card numbers, expiration dates, and security codes for about 75,000 Canadian flower shoppers.Out-of-band patch the Adobe Flash zero-day Adobe released an out-of-band security update for Flash Player; the zero-day has been used inside malicious Microsoft documents.Critical Kubernetes vulnerability While in patching mode, if you don’t have automatic updates turned on for Kubernetes, then you should get on patching your Kubernetes installations immediately to close a critical privilege escalation flaw. It’s a “big deal” and could allow a threat actor to not only “steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”Citrix forced password reset for ShareFileAbout those Citrix forced password reset notifications, Citrix claimed it is “not in response to a breach” at Citrix or ShareFile. Instead, “regularly-scheduled, forced password resets” are now part of its “normal operating procedures.”Government-backed hacking group using malicious Chrome extensionA nation state APT group that appears to be out of North Korea has been using a malicious Google Chrome extension that, after victims install, allows the cyber-espionage group to gain a foothold and then use “off-the-shelf tools to ensure persistence, including Remote Desktop Protocol (RDP) to maintain access.”‘London Blue’ scammer group has list of 50,000 execs to target The security company Agari discovered a scammer group’s list of 50,000 executives. Seventy-one percent of the names on London Blue’s database list are chief financial officers; the rest were primarily other finance heads and executive assistants from companies located all over the globe, but mostly from the U.S., the U.K., Spain, Finland, the Netherlands, and Mexico.US-CERT SamSam ransomware alertThe FBI and DHS issued a SamSam ransomware alert via US-CERT. SamSam, for example, is what whacked and managed to cripple the City of Atlanta. The alert, which comes on the heels of the Department of Justice’s indictment of two Iranians behind SamSam attacks, includes a list of 14 mitigationsDuckDuckGo claims Google delivers personalized results even for logged-out incognito users After conducting a study, DuckDuckGo determined that Google users are trapped in a filter bubble that delivers personalized results for users who are logged out of Google, even if they use incognito mode.Creepy Line explains how Google and Facebook manipulate the publicCheck out this documentary for more about the “creepy line,” which examines “what Google and Facebook do once they control a user’s data. Not only is this data sold to the highest bidder, but it is used it to mold, massage, and manipulate the public consciousness while influencing opinion on a vast scale — all with the goal of transforming society to fit their worldview.”Update Vtech tablet to stop hackers from watching your kidsSpeaking of creepy, if your kids have a Vtech “safe” tablet, specifically either the InnoTab Max or the Storio Max device, then heed the reminder to upgrade the software unless you actually want hackers watching your kids via the webcam. The flaw could potentially allow hackers to gain remote access and “be able to monitor the child, listen to them, talk to them, have full access and control of the device.” Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe