IT Security Newsletter

IT Security Newsletter - 11/15/2023

Written by Cadre | Wed, Nov 15, 2023

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. READ MORE...

Rackspace records $5M in expenses related to 2022 ransomware attack

Rackspace Technology recorded $5 million in expenses for the first nine months of this year, stemming from the December 2022 ransomware attack of the company's Hosted Exchange business, according to a 10-Q filing with the Securities and Exchange Commission. The managed email solution for small- and medium-sized businesses represented about 1% of the company's revenue and, following the attack, Rackspace discontinued the Hosted Exchange product. READ MORE...

Pharmacy provider Truepill data breach hits 2.3 million customers

Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. Truepill is a B2B-focused pharmacy platform that uses APIs for order fulfillment and delivery services for direct-to-consumer (D2C) brands, digital health companies, and other healthcare organizations across all 50 states in the U.S. READ MORE...

Software Vulnerabilities Are on the Decline, According to New Synopsys Research

Synopsys, Inc. (Nasdaq: SNPS) today published the 2023 Software Vulnerability Snapshot report. According to the data, analyzed by Synopsys Cybersecurity Research Center (CyRC), there has been a significant decrease in vulnerabilities found in target applications - from 97% in 2020 to 83% in 2022 - an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors. READ MORE...

Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

Software maker Adobe on Tuesday rolled out a massive batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy and Audition products. As part of its scheduled Patch Tuesday updates, Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software. READ MORE...

Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities

Chipmakers Intel and AMD both released security advisories this Patch Tuesday, informing customers about a total of more than 130 vulnerabilities found in their products. Intel has published 31 advisories covering roughly 105 vulnerabilities. One of the most interesting flaws patched by Intel this week is a CPU flaw discovered internally by the company and independently by Google researchers. AMD on Tuesday published five new security advisories to inform customers about a total of 27 vulnerabilities. READ MORE...

US Announces IPStorm Botnet Takedown and Its Creator's Guilty Plea

The US government on Tuesday announced the takedown of the IPStorm botnet and the guilty plea of a man who created and operated the cybercrime service. According to the Justice Department, the FBI dismantled the infrastructure associated with the IPStorm malware, as well as the proxy network powered by the IPStorm botnet. The malware was delivered to thousands of Windows, Linux, Mac and Android devices located all around the world, enabling cybercriminals to use the compromised devices for a proxy service. READ MORE...

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers

Researchers have discovered 21 vulnerabilities in a popular brand of industrial router. On Dec. 7 at Black Hat Europe, analysts from Forescout will reveal the bugs - including one of 9.6 "Critical" severity on the CVSS scale, and nine "High" severity - affecting a brand of operational technology (OT)/Internet of Things (IoT) routers especially common in the medical and manufacturing sectors. READ MORE...

New Reptar CPU flaw impacts Intel desktop and server systems

Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures. Attackers can exploit the flaw-tracked as CVE-2023-23583 and described as a 'Redundant Prefix Issue'-to escalate privileges, gain access to sensitive information, or trigger a denial of service state (something that could prove very costly for cloud providers). READ MORE...

  • ...in 1916, "Peanuts" animator Jose "Bill" Melendez, who also voiced Snoopy and Woodstock, is born in Sonora, Mexico.
  • ...in 1926, The NBC radio network opens across 24 stations nationwide.
  • ...in 1929, actor Ed Asner ("The Mary Tyler Moore Show", "Elf") is born in Kansas City, MO.
  • ...in 1971, Intel releases the first commercially-available single-chip microprocessor, the 4004.