IT Security Newsletter

IT Security Newsletter - 12/29/2022

Written by Cadre | Thu, Dec 29, 2022

After the Uber Breach: 3 Questions All CISOs Should Ask Themselves

The recent conviction of Joe Sullivan, Uber's chief information security officer (CISO), for failing to report the company's 2016 data breach came as an unwelcome surprise to some and as a justified consequence of Mr. Sullivan's actions to others. As a fellow CISO and information security leader for over 30 years, I respect Sullivan's distinguished career and, at the same time, fully support the verdict. Sullivan found himself in an ethical dilemma that most CISOs find themselves in sooner or later. READ MORE...

Hackers abuse Google Ads to spread malware in legit software

Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. Among the products impersonated in these campaigns include Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, µTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave. READ MORE...

Crypto trading platform 3Commas admits massive API key leak

An anonymous Twitter user published yesterday a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform. 3Commas bots use these API keys to generate profit for the customers by interacting with cryptocurrency trading exchanges without requiring account credentials, to perform automated investment and trading actions on behalf of the users. READ MORE...

Thousands of Citrix servers vulnerable to patched critical flaws

Thousands of Citrix ADC and Gateway deployments remain vulnerable to two critical-severity security issues that the vendor fixed in recent months. The first flaw is CVE-2022-27510, fixed on November 8. It's an authentication bypass that affects both Citrix products. An attacker could exploit it to gain unauthorized access to the device, perform remote desktop takeover, or bypass the login brute force protection. READ MORE...

Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) last week published three advisories to describe a total of four high-severity vulnerabilities. Rockwell Automation has published individual advisories for each security hole. READ MORE...

  • ...in 1800, chemist and engineer Charles Goodyear, inventor of vulcanized rubber and tire company namesake, is born in New Haven, CT.
  • ...in 1916, James Joyce's first novel "A Portrait of the Artist as a Young Man" is published in a collected edition.
  • ...in 1929, Blues Hall of Fame guitarist Matt "Guitar" Murphy, who played with Howlin' Wolf and Memphis Slim as well as the Blues Brothers, is born in Sunflower, MS.
  • ...in 1967, the memorable classic "Star Trek" episode "The Trouble with Tribbles" first airs on NBC.