IT Security Newsletter

IT Security Newsletter - 11/2/2022

Written by Cadre | Wed, Nov 2, 2022

OpenSSL 3 patch, once Heartbleed-level "critical," arrives as a lesser "high"

An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched. It ultimately arrived as a "high" security fix for a buffer overflow, one that affects all OpenSSL 3.x installations, but is unlikely to lead to remote code execution. OpenSSL version 3.0.7 was announced last week as a critical security fix release. READ MORE...

Dropbox discloses breach after hacker stole 130 GitHub repositories

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent. READ MORE...

Group indicted for breaching CPA, tax preparation firms via stolen credentials

United States Attorney Roger B. Handberg announces the partial unsealing of an indictment charging eight individuals with Racketeer Influenced and Corrupt Organizations (RICO) conspiracy. Four have also been charged with wire fraud conspiracy and aggravated identity theft. If convicted, each faces a maximum penalty of 20 years in federal prison for the RICO conspiracy count. READ MORE...

Microsoft Patches Azure Cosmos DB Flaw Leading to Remote Code Execution

A missing authentication check vulnerability in Azure Cosmos DB could have allowed an attacker to execute arbitrary code remotely, Orca Security warns. Azure Cosmos DB is a NoSQL database used on e-commerce platforms to store catalog data, and in order processing pipelines for event sourcing. The security defect was identified in Azure Cosmos DB Jupyter notebooks, an open-source interactive developer environment (IDE) that allows developers to share documents, live code, visualizations, and more. READ MORE...

Racoon Stealer admin will be extradited to the US, charged for computer crimes

The US Department of Justice has indicted a Ukrainian national for his involvement in Raccoon Stealer, a noteworthy password-stealing Trojan leased in the underground for criminals to use as part of a malware-as-a-service (MaaS) business model. According to court documents, Mark Sokolovsky, 26, is currently held in the Netherlands under an extradition request from the US government. Dutch authorities arrested Sokolovsky, known online as "raccoonstealer," in March 2022. READ MORE...

Amid election conspiracy theories, CISA says there's no credible threat to voting equipment

A week before the midterm elections, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the Biden administration has done "everything we can" to protect election infrastructure and cautioned against overreactions to any voting mishaps on Election Day. "There are going to be errors, there are going to be glitches. That happens in every election," Easterly said during a Center for Strategic and International Studies event in Washington on Tuesday. READ MORE...

How Retailers Can Stay Protected During the Most Wonderful Time of the Year

As the holidays creep around the corner, consumers and retailers aren't the only ones gearing up for the season. Cybercriminals are right on their tail. It's no secret that major consumer holidays - from Amazon Prime Day to the end-of-year holiday sprint - carry big targets for threat actors. Projections for this year's Black Friday shows online spending reaching $13 billion. READ MORE...

  • ...in 1889, North and South Dakota are admitted as the 39th and 40th U.S. states.
  • ...in 1913, actor Burt Lancaster ("Elmer Gantry", "From Here to Eternity") is born in New York City.
  • ...in 1959, game show contestant Charles Van Doren admits to a Congressional committee that he had been given questions and answers in advance.
  • ...in 2016, the Chicago Cubs defeat the Cleveland Indians in the World Series, ending the longest Major League Baseball championship drought at 108 years.