IT Security Newsletter

IT Security Newsletter - 10/12/2021

Written by Cadre | Tue, Oct 12, 2021

Olympus US systems hit by cyberattack over the weekend

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021. "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue," Olympus says in a statement published today, two days after the attack. READ MORE...

Microsoft Exposes Iran-linked APT Targeting U.S., Israeli Defense Tech Sectors

Threat hunters at Microsoft are raising the alarm about a new Iran-linked threat actor caught using password-spraying techniques to break into defense technology companies in the United States, Israel and parts of the Middle East. The Redmond, Wash. software giant on Monday shared technical details on UNC-0343, an Iran-linked apex actor that has been actively attempting to break into Office 365 accounts since at least July 2021. READ MORE...

Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks

Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads. This vulnerability, tracked as CVE-2021-30883, is a critical memory corruption bug in the IOMobileFrameBuffer allowing an application to execute commands on vulnerable devices with kernel privileges. READ MORE...

Apache OpenOffice users should upgrade to newest security release!

The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document. Apache OpenOffice is an open-source office productivity suite that includes a word processor (Writer), a spreadsheet tool (Calc), a presentation editor (Impress), a vector graphics drawing editor (Draw), and more. READ MORE...

Microsoft revokes insecure SSH keys for Azure DevOps customers

Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. Azure DevOps is a Microsoft cloud service specifically designed for code development collaboration with an integrated set of features accessible through an integrated development environment (IDE) client or web browser. READ MORE...

GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket

Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. The security hole was identified in late September and was addressed with the release of GitKraken version 8.0.1. READ MORE...

InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks

Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available. The flaws were discovered nearly one year ago by researchers at industrial cybersecurity firm OTORIO in IR615 LTE routers made by industrial IoT solutions provider InHand Networks. READ MORE...

  • 1810, the citizens of Munich, Germany hold the first Oktoberfest.
  • 1901, President Theodore Roosevelt officially renames the "Executive Mansion" to the White House.
  • 1968, actor Hugh Jackman ("X-Men", "The Prestige") is born in Sydney, Australia.
  • 1979, Douglas Adams' comedic science fiction novel "The Hitchhiker's Guide to the Galaxy" is published.