IT Security Newsletter

IT Security Newsletter - 4/10/2024

Written by Cadre | Wed, Apr 10, 2024

April's Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently - like total solar eclipse rare - instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch - a record 147 flaws in Windows and related software. Yes, you read that right. READ MORE...

530k Impacted by Data Breach at Wisconsin Healthcare Organization

Group Health Cooperative of South Central Wisconsin (GHC-SCW) has started notifying more than half a million people that their personal information was stolen in a ransomware attack. The incident occurred on January 25 and resulted in disruptions caused by the isolation of compromised systems, but no file-encrypting ransomware was deployed, GHC-SCW says in an incident notice on its website. READ MORE...

AT&T now says data breach impacted 51 million customers

AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. READ MORE...

Targus business operations disrupted following cyber attack

Targus, the well-known laptop bag and case manufacturer, has been hit by a cyber attack that has interrupted its normal business operations. In an SEC filing, Targus described discovering last Friday that hackers had gained unauthorised access to its IT systems. As a consequence, there has been a "temporary interruption" to the business's operations as part of what Targus describes as its "proactive containment measures" to prevent the hackers from causing more problems. READ MORE...

Microsoft fixes two Windows zero-days exploited in malware attacks

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. The first, tracked as CVE-2024-26234 and described as a proxy driver spoofing vulnerability, was issued to track a malicious driver signed using a valid Microsoft Hardware Publisher Certificate that was found by Sophos X-Ops in December 2023 and reported by team lead Christopher Budd. READ MORE...

Twitter's Clumsy Pivot to X[.]com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention "twitter[.]com" to read "x[.]com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links - such as fedetwitter[.]com, which until very recently rendered as fedex[.]com in tweets. A search at DomainTools shows at least 60 domain names have been registered over the past two days for domains ending in "twitter[.]com." READ MORE...

Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply

In our digitally driven world, data has become an invaluable asset to companies across sectors. Data enables intelligent products, services, and operations. Data is also the unsung hero in today's "age of AI." By 2030, the AI market will be worth more than $1.3 billion in revenue - growing 36.8% from 2023's market size of $150.2 billion, and data is arguably the catalyzer driving this immense growth. READ MORE...

EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities

The increasing popularity of electric vehicles (EVs) isn't just a favorite for gas-conscious consumers, but also for cybercriminals who focus on using EV charging stations to launch far-reaching attacks. This is because every charging point, whether inside a private garage or on a public parking lot, is online and running a variety of software that interacts with payment systems and the electric grid, along with storing driver identities. READ MORE...

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

Fortinet on Tuesday announced patches for a dozen vulnerabilities in FortiOS and other products, including a critical-severity remote code execution (RCE) bug in FortiClientLinux. The critical flaw, tracked as CVE-2023-45590 (CVSS score of 9.4), is described as a code injection issue that could allow an unauthenticated, remote attacker to execute arbitrary code or commands by convincing a user to visit a malicious website. READ MORE...

Thousands of LG TVs are vulnerable to takeover - here's how to ensure yours isn't one

As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security update patching four critical vulnerabilities discovered late last year. The vulnerabilities are found in four LG TV models that collectively comprise slightly more than 88,000 units around the world, according to results returned by the Shodan search engine for Internet-connected devices. The vast majority of those units are located in South Korea, followed by Hong Kong, the US, Sweden, and Finland. READ MORE...

  • ...in 1912, the RMS Titanic leaves port in Southampton, England for her first and last voyage.
  • ...in 1925, F. Scott Fitzgerald's classic novel "The Great Gatsby" is first published in New York City.
  • ...in 1970, The Beatles officially break up after Paul McCartney announces that he is leaving for personal and professional reasons.
  • ...in 1992, actress Daisy Ridley (Star Wars: The Force Awakens) is born in London, England.