IT Security Newsletter

IT Security Newsletter - 9/7/2023

Written by Cadre | Thu, Sep 7, 2023

Mystery solved? Microsoft thinks it knows how Chinese hackers stole its signing key

When Microsoft revealed earlier this year that hackers based in China snooped on the email accounts belonging to senior U.S. officials, the news was accompanied by a mystery: How did the hackers obtain the signing key - the closely guarded, critical piece of Microsoft's security infrastructure - that they used to bypass security protections? On Wednesday, Microsoft revealed the results of its internal investigation regarding how that key was stolen. READ MORE...

Russia's 'Fancy Bear' APT Targets Ukrainian Energy Facility

Earlier this week, the infamous Russian cyberespionage group Fancy Bear (aka APT28, Strontium, or Sofacy) was caught attacking a critical energy facility in Ukraine. The attack was ultimately thwarted by a cybersecurity professional working for the targeted organization. Ukraine's Computer Emergency Response Team (CERT-UA) detected and investigated the attack, it noted in a report. CERT-UA stated that the group's MO was to send bulk phishing emails from a fake address that linked to a .ZIP archive. READ MORE...

IBM Discloses Data Breach Impacting Janssen Healthcare Platform

IBM is notifying customers and users of a Johnson & Johnson healthcare platform that their personal information may have been compromised as a result of a data breach. IBM explained that it provides services to Johnson & Johnson, which includes managing an application and third-party database for the company's Janssen CarePath patient support program. Janssen recently became aware of a vulnerability that enabled unauthorized access to the CarePath database. READ MORE...

Okta customers' IT staff duped by MFA reset swindle

Four Okta customers fell victim to social engineering attacks this summer when threat actors convinced IT service desk personnel to reset all multifactor authentication factors of highly privileged users, according to the identity and access management provider. The attacks demonstrated novel methods of lateral movement and defense evasion, Okta said in an Aug. 31 filing with the Securities and Exchange Commission. READ MORE...

Cisco Patches Critical Vulnerability in BroadWorks Platform

Cisco on Wednesday announced patches for a critical-severity vulnerability in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks calling and collaboration platform was identified in the single sign-on (SSO) implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems. READ MORE...

Thousands of Popular Websites Leaking Secrets

Code security firm Truffle Security warns that thousands of the domains in the Alexa top 1 million websites list are leaking secrets, including credentials. According to the company, which provides an open source secret-scanning engine, 4,500 of the analyzed websites exposed their .git directory. Created when a Git repository is initialized, a .git directory includes all the information necessary for a project, including code commits, file paths, version control information, and more. READ MORE...

Toyota says filled disk storage halted Japan-based factories

Toyota says a recent disruption of operations in Japan-based production plants was caused by its database servers running out of storage space. On August 29th, it was reported that Toyota had to halt operations on 12 of its 14 Japan-based car assembly plants due to an undefined system malfunction. As one of the largest automakers in the world, the situation caused production output losses of roughly 13,000 cars daily, threatening to impact exports to the global market. READ MORE...

University of Michigan requires password resets after cyberattack

On Tuesday, the University of Michigan (UMICH) warned staff and students that they must reset their account passwords after a recent cyberattack. Emails sent by the university's CISO and CIO to community members seen by BleepingComputer ask for password changes by September 12. Failure to abide by this mandatory change will lead to the users being unable to sign into their accounts until they go through the much more intricate forgotten password recovery procedure. READ MORE...

How China gets free intel on tech companies' vulnerabilities

For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they're revealed, exploiting them to carry out their campaigns of espionage or cyberwar, or spend millions to dig up new ones or to buy them in secret from the hacker gray market. But for the past two years, China has added another approach: a law that simply demands that any network technology business operating in the country hand them over. READ MORE...

  • ...in 1908, Cleveland Browns coach and Cincinnati Bengals owner Paul Brown is born in Norwalk, OH.
  • ...in 1927, The first fully electronic television system is achieved by Philo Taylor Farnsworth.
  • ...in 1936, Charles Hardin Holley, better known as '50s rockabilly icon Buddy Holly, is born in Lubbock, TX.
  • ...in 1986, human rights activist Archbishop Desmond Tutu becomes the first Black leader of the Anglican Church in South Africa.