IT Security Newsletter

IT Security Newsletter - 1/18/2023

Written by Cadre | Wed, Jan 18, 2023

Nissan North America data breach caused by vendor-exposed database

Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. The security incident was reported to the Office of the Maine Attorney General on Monday, January 16, 2023, where Nissan disclosed that 17,998 customers were affected by the breach. In the notification sample, Nissan claims it received notice of a data breach from one of its software development vendors on June 21, 2022.

University suffers leaks, shutdowns at the hands of Vice Society

The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware-laden hands up and admitted an attack on the University of Duisburg-Essen. Sadly, this isn't the University's first encounter with ransomware attacks, though it has proven to perhaps be its worst, given reports of leaks and changes to its IT infrastructure.

More than 4,400 Sophos firewall servers remain vulnerable to critical exploits

More than 4,400 Internet-exposed servers are running versions of the Sophos Firewall that are vulnerable to a critical exploit that allows hackers to execute malicious code, a researcher has warned. CVE-2022-3236 is a code-injection vulnerability allowing remote code execution in the User Portal and Webadmin of Sophos Firewalls. It carries a severity rating of 9.8 out of 10. When Sophos disclosed the vulnerability last September, the company warned it had been exploited in the wild as a zero-day.

Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

Norway-based industrial risk management and assurance solutions provider DNV said a recent ransomware attack on its ship management software impacted 1,000 vessels. DNV revealed on January 9 that its ShipManager software was targeted in a cyberattack on January 7, which forced the company to shut down associated servers. In an update shared on January 17, the company clarified that it was targeted in a ransomware attack that impacted 70 of its customers and roughly 1,000 vessels.

Git patches two critical remote code execution security flaws

Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. A third, Windows-specific flaw impacting the Git GUI tool, caused by an untrusted search path weakness, enables unauthenticated threat actors to run untrusted code in low-complexity attacks.

Four Microsoft Azure services found vulnerable to server-side request forgery

Researchers found four instances where Microsoft Azure services were vulnerable to server-side request forgery attacks, according to a report released Tuesday from Orca Security. The vulnerable services included Azure API Management, Azure Functions, Azure Machine Learning and Azure Digital Twins. In two instances involving Azure Functions and Azure Digital Twins, the vulnerabilities did not require authentication, so an attacker could exploit them without an Azure account.

Hackers Can Exploit GE Historian Vulnerabilities for ICS Espionage, Disruption

Vulnerabilities found in GE's Proficy Historian product could be exploited by hackers for espionage and to cause damage and disruption in industrial environments. The US Cybersecurity and Infrastructure Security Agency (CISA) informed organizations about these vulnerabilities on Tuesday, when industrial cybersecurity firm Claroty, whose researchers discovered the flaws, also released a blog post detailing the findings.

  • ...in 1778, explorer James Cook is the first known European to discover the Hawaiian Islands, which he names the "Sandwich Islands".
  • ...in 1904, actor Cary Grant (born Archibald Alexander Leach) is born in Bristol, England.
  • ...in 1911, aviation pioneer Eugene B. Ely lands a Curtiss biplane on the deck of the USS Pennsylvania, the first successful shipboard landing of an aircraft.
  • ...in 1969, actor and former WWE wrestler/MMA fighter Dave Bautista (Guardians of the Galaxy, Spectre) is born in Washington, D.C.
  • ...in 1993, Martin Luther King, Jr. Day is officially observed for the first time in all 50 states.