IT Security Newsletter

IT Security Newsletter - 8/2/2023

Written by Cadre | Wed, Aug 2, 2023

Retail chain Hot Topic discloses wave of credential-stuffing attacks

American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers. Hot Topic is a retail chain specialized in counter-culture clothing and accessories, and licensed music, that has 675 stores across the U.S. It also operates an online shop with nearly 10 million visitors every month, according to data from SimilarWeb. READ MORE...

Firefox 116 Patches High-Severity Vulnerabilities

Mozilla on Tuesday announced the release of Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14, which include patches for multiple high-severity vulnerabilities. The browser maker lists a total of 14 CVEs in its advisory, nine of which are rated 'high severity'. Three of the CVEs refer to memory safety bugs in Firefox. The first of the high-severity flaws, tracked as CVE-2023-4045, is described as a cross-origin restrictions bypass in Offscreen Canvas, which failed to properly track cross-origin tainting. READ MORE...

It's a hot 0-day summer for Apple, Google, and Microsoft security fixes

The summer patch cycle shows no signs of slowing down, with tech giants Apple, Google, and Microsoft releasing multiple updates to fix flaws being used in real-life attacks. July also saw serious bugs squashed by enterprise software firms SAP, Citrix, and Oracle. Here's everything you need to know about the major patches released during the month. Apple had a busy July after issuing two separate security updates during the month. READ MORE...

Hackers use new malware to breach air-gapped devices in Eastern Europe

Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems typically fulfill critical roles and are isolated from the enterprise network and the public internet either physically or through software and network devices. Researchers at cybersecurity company Kaspersky discovered the new malware and attributed it to the cyber-espionage group APT31, a.k.a. Zirconium. READ MORE...

'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web

The developer behind the FraudGPT malicious chatbot is readying even more sophisticated adversarial tools based on generative AI and Google's Bard technology - one of which will leverage a large language model (LLM) that uses as its knowledge base the entirety of the Dark Web itself. An ethical hacker who already had discovered another AI-based hacker tool, WormGPT, tipped off the researchers that the FraudGPT inventor has more AI-based malicious chatbots in the works, according to SlashNext. READ MORE...

67% of data breaches start with a single click

Technology is accelerating faster than it ever has before, giving IT and security teams more tools to fend off cybersecurity attacks from an increasingly diverse slate of bad actors, according to Comcast Business. However, the tactics cybercriminals are using to access systems are also growing more sophisticated by the day. Access to armies of botnets and sprawling lists of customer data are just a few clicks away on the dark web. READ MORE...

Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack

The recently patched zero-day vulnerability affecting Ivanti's Endpoint Manager Mobile (EPMM) product has been exploited by an advanced persistent threat (APT) group since at least April 2023. On Tuesday, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) published a joint advisory describing Ivanti product vulnerabilities and their use in attacks aimed at Norwegian organizations. READ MORE...

Compromised Barracuda appliances equipped with persistent backdoors by attackers

The Cybersecurity and Infrastructure Security Agency (CISA) has published three malware analysis reports based on malware variants associated with the exploitation of a known vulnerability in Barracuda ESG appliances. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability at hand is listed as CVE-2023-2868, which has a CVSS score 9.4 out of 10. READ MORE...

  • ...in 1776, the Declaration of Independence is signed by every member of the Continental Congress.
  • ...in 1932, physicist Carl Anderson discovers the positron (the antimatter counterpart to the electron) while studying particles in cosmic rays.
  • ...in 1939, physicists Albert Einstein and Leo Szilard send a historic letter to President Franklin D. Roosevelt, urging the U.S. to build an atomic weapon.
  • ...in 2018, Apple Inc. becomes the first company to be valued at over $1 trillion USD.