IT Security Newsletter

IT Security Newsletter - 3/11/2024

Written by Cadre | Mon, Mar 11, 2024

Microsoft: Russian hackers accessed internal systems, code repositories

Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country's Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft corporate email systems to burrow into the company's source code repositories and internal systems. "It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email," the company's Security Response Center shared on Friday. READ MORE...

Change Healthcare systems expected to come back online in mid-March

Change Healthcare systems are expected to come back online starting in mid-March, about a month after a cyberattack disabled the technology firm, parent company UnitedHealth Group said Thursday. Electronic payments will be available beginning March 15, and electronic prescribing is fully functional as of Thursday. Change will start testing its claims network and software on March 18, with plans to restore service through that week. READ MORE...

Fidelity Investments Life Insurance says customer data breach linked to third-party hack

Fidelity Investments Life Insurance Co. said the personal data of more than 28,000 customers was accessed through a hack at Infosys McCamish Systems, a third-party service provider, according to a notification filed with the Maine Attorney General's office. Infosys McCamish notified Fidelity Investments in early November about the incident, where an unauthorized third party gained access to some of Infosys McCamish's systems between Oct. 29 and Nov. 2, 2023, according to the notification letter. READ MORE...

Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes

There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix. The cybercrime crew has targeted US medical, manufacturing, and energy-sector organizations, according to Check Point, which said it spotted Magnet Goblin abusing security holes in Ivanti's code. READ MORE...

QNAP warns of critical auth bypass flaw in its NAS devices

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. While the last two require the attackers to be authenticated on the target system, which significantly lessens the risk. READ MORE...

Critical Fortinet flaw may impact 150,000 exposed devices

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. America's Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog. READ MORE...

Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory

Fresh proof-of-concept (PoC) exploits are circulating in the wild for a widely targeted Atlassian Confluence Data Center and Confluence Server flaw. The new attack vectors could enable a malicious actor to stealthily execute arbitrary code within Confluence's memory without touching the file system. Researchers at VulnCheck have been tracking the exploits for the CVE-2023-22527 remote code execution (RCE) vulnerability, which was disclosed in January. READ MORE...

Creating Security Through Randomness

When you step inside Cloudflare's San Francisco office, the first thing you notice is a wall of lava lamps. Visitors often stop to take selfies, but the peculiar installation is more than an artistic statement, it's an ingenious security tool. The changing patterns created by the lamps' floating blobs of wax help Cloudflare encrypt Internet traffic. The idea was hatched in 2013, when company CEO Matthew Prince and CTO John Graham-Cumming were discussing ways to generate random numbers. READ MORE...

  • ...in 1818, author Mary Wollstonecraft Shelley publishes "Frankenstein; Or, The Modern Prometheus", widely considered to be the first work of science fiction.
  • ...in 1985, Mikhail Gorbachev is elected as General Secretary of the Soviet Union, becoming the USSR's final head of state.
  • ...in 1997, former Beatle Paul McCartney is officially knighted by Queen Elizabeth II.
  • ...in 2020, the World Health Organization officially declares the COVID-19 outbreak as a pandemic.