IT Security Newsletter

IT Security Newsletter - 7/17/2023

Written by Cadre | Mon, Jul 17, 2023

Former contractor accused of remotely accessing town's water treatment facility

A federal grand jury has indicted a former employee of a contractor operating a California town's wastewater treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety. 53-year-old Rambler Gallor of Tracy, California, held a full-time position at a Massachusetts company that was contracted by the town of Discovery Bay to operate its water treatment plant. READ MORE...

Chinese hacking operation puts Microsoft in the crosshairs over security failures

Revelations that hackers in China used a Microsoft security flaw to execute a highly targeted, sophisticated operation targeting some two dozen entities, including the U.S. commerce secretary, have officials and researchers alike exasperated the company's products have once again been used to pull off an intelligence coup. What's worse, U.S. cybersecurity workers only discovered the operation this week thanks to a premium Microsoft logging service. READ MORE...

Block known breached passwords from your active directory

Cyber-attacks occur globally, targeting every industry, and business size. As users, authentication, and data move outside of the network, thanks to widespread SaaS adoption, they create a larger attack surface for businesses. The average company uses 254 applications, and more than half are not owned or managed by the IT department. This diminishes the ability to enforce basic security practices, such as multi-factor authentication and password policies. READ MORE...

How Hackers Can Hijack a Satellite

A computer flying hundreds or even thousands of kilometers in the sky, at a speed of tens of thousands of kilometers an hour, is nonetheless still a computer. And every connected computer has an attack surface. Researchers, nation-states, and even ordinary cybercriminals have long demonstrated how to hijack the control and communications aspects of satellite technology. Just last year, on the day of its ground invasion, Russian hackers caused an outage for the Ukrainian satellite Internet service provider Viasat. READ MORE...

Exploitation of ColdFusion Vulnerability Reported as Adobe Patches Another Critical Flaw

Adobe on Friday announced patches for a critical-severity vulnerability in ColdFusion that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-38203 (CVSS score of 9.8), the flaw is described as "deserialization of untrusted data" in ColdFusion versions 2023, 2021 and?2018. This typically allows an attacker to supply specially crafted data and trigger the execution of arbitrary code, potentially leading to complete system compromise. READ MORE...

Cisco Flags Critical SD-WAN Vulnerability

A critical security vulnerability in Cisco's SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco devices running on an overlay network, the company explained. READ MORE...

  • ...in 1889, bestselling author Erle Stanley Gardner, creator of the original "Perry Mason" detective stories, is born in Malden, MA.
  • ...in 1954, former German Chancellor Angela Merkel is born in Hamburg, West Germany.
  • ...in 1955, Disneyland televises its grand opening in Anaheim, California.
  • ...in 1995, NASDAQ stock index closes above the 1,000 mark for the first time.