IT Security Newsletter

IT Security Newsletter - 10/12/2023

Written by Cadre | Thu, Oct 12, 2023

Simpson Manufacturing Takes Systems Offline Following Cyberattack

Engineering and manufacturing firm Simpson Manufacturing says it has taken some of its IT systems offline following a cyberattack this week. Headquartered in Pleasanton, California, Simpson Manufacturing produces building materials, including anchors, connectors, and new construction and retrofitting materials. In a Form 8-K filing this week, the company told the Securities and Exchange Commission that, on Tuesday, it discovered a cyberattack that impacted some of its systems.

Shadow PC warns of data breach as hacker tries to sell gamers' info

Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data of over 500,000 customers. Shadow is a cloud gaming service providing users with high-end Windows PCs streamed to their local devices (PCs, laptops, smartphones, tablets, smart TVs), allowing them to run demanding AAA games on a virtual computer.

ToddyCat hackers use 'disposable' malware to target Asian telecoms

A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of "disposable" malware to evade detection. Most of the campaign's targets seen by cybersecurity firm Check Point are based in Kazakhstan, Uzbekistan, Pakistan, and Vietnam, and the campaign is still underway.

Apple Releases iOS 16 Update to Patch Exploited Vulnerability

Apple has released iOS and iPadOS updates to patch a kernel vulnerability that has been exploited in attacks. The flaw, tracked as CVE-2023-42824, has been described as a local privilege escalation issue, which suggests it has been used as part of an exploit chain. Apple has not shared any information on the attacks or the entity that reported the vulnerability. However, many of the recently patched iOS flaws that have been exploited in the wild have been leveraged by commercial spyware vendors.

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks, Cisco's Talos threat intelligence and research group reported on Wednesday. The vendor was notified in late June and given more than 90 days to release patches. However, no fixes appear to have been released and Cisco has made public the technical details in accordance with its vulnerability disclosure policy.

CD-indexing cue files are the core of a serious Linux remote code exploit

It has been a very long time since the average computer user thought about .cue files, or cue sheets, the metadata bits that describe the tracks of an optical disc, like a CD or DVD. But cue sheets are getting attention again, for all the wrong reasons. They're at the heart of a one-click exploit that could give an attacker code execution on Linux systems with GNOME desktops.

  • ...in 1810, the citizens of Munich, Germany hold the first Oktoberfest.
  • ...in 1901, President Theodore Roosevelt officially renames the "Executive Mansion" to the White House.
  • ...in 1968, actor Hugh Jackman ("X-Men", "The Prestige") is born in Sydney, Australia.
  • ...in 1979, Douglas Adams' comedic science fiction novel "The Hitchhiker's Guide to the Galaxy" is published.