
IT Security Newsletter - 1/10/2024


Top News

New year, new updates for security holes in Windows, Adobe, Android and more

Microsoft rang in the New Year with a relatively calm Patch Tuesday: Just 49 Windows security updates including fixes for two critical-rated bugs, plus four high-severity Chrome flaws in Microsoft Edge. None of the January CVEs are under active exploit, according to Redmond. Of the two critical vulnerabilities, CVE-2024-20674 received the highest CVSS severity rating. It's a 9.0-out-of-10 rated security feature bypass bug in Windows Kerberos. READ MORE...

Hacking

Ransomware Gang Gives Toronto Zoo the Monkey Business

The Toronto Zoo has experienced a ransomware attack that's driving its admins bananas. Or maybe not: The zoo reported that the animals, habitat support, and care systems are safe and have not been affected by the breach. The zoo is also still open to guests under normal operations, and its website is still functioning as usual. Even so, the zoo isn't monkeying around with its response: In a Jan. 8 notice on its website about the incident it noted that it's still investigating the extent of the incident. READ MORE...


Bitcoin price jumps after hackers hijack SEC Twitter account

The price of bitcoin briefly spiked on Tuesday after a post from the Securities and Exchange Commission's Twitter account claimed that the agency had approved exchange-traded funds to buy and sell the digital currency - a post the agency's chairman subsequently said had occurred because its account on the social media platform X had been compromised. Speculators and investors in bitcoin are eagerly awaiting news of whether the SEC will approve bitcoin ETFs. READ MORE...

Software Updates

Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security

Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, Microsoft's Patch Tuesday did not include any zero-day bugs, meaning administrators won't have to contend with any new vulnerabilities that attackers are actively exploiting at the moment - something that happened frequently in 2023. READ MORE...


Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024

On the first Patch Tuesday of 2024, industrial giants Siemens and Schneider Electric have released a total of only seven new security advisories, announcing fixes for 22 vulnerabilities. Siemens has published six new advisories covering 21 vulnerabilities. The most serious, based on its CVSS score of 10, is a vulnerability in Simatic IPCs, specifically the Redfish server component of MaxView Storage Manager. Microchip has released a patch for its MaxView product and users have been advised to install it. READ MORE...

Malware

CISA warns agencies of fourth flaw used in Triangulation spyware attacks

The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Apple, Adobe, Apache, D-Link, and Joomla. The Known Exploited Vulnerabilities catalog, or KEV for short, contains security issues that have been actively exploited in the wild. It is a valuable resource for organizations across the globe in the vulnerability management and prioritization process. READ MORE...

Information Security

Exposing the ransomware lie to "leave hospitals alone"

Ransomware groups are liars, yes, but even when these dangerous cybercriminals would ransack organizations and destroy entire companies, a few select groups espoused a sort of "honor among thieves." According to those few groups, their cybercriminal actions would never include organizations actively involved in healthcare, such as hospitals. But, as can be expected from ransomware groups, these were nothing but lies. The million-dollar criminal operations, awash with cash, are still vulnerable to greed. READ MORE...

Exploits/Vulnerabilities

Top LLM vulnerabilities and how to mitigate the associated risk

As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn't mean progress should grind to a halt: Exploring AI is essential to staying competitive, meaning CISOs are under intense pressure to understand and address emerging AI threats. While the AI threat landscape changes every day, there are a handful of LLM vulnerabilities that we know pose significant risk to enterprise operations today. READ MORE...


Kyocera Device Manager Vulnerability Exposes Enterprise Credentials

Organizations have been warned of a vulnerability in Kyocera Device Manager that can be exploited to capture credentials and gain access to accounts and devices. A web-based application, the Kyocera Device Manager is used for the management of multiple Kyocera printers and multifunction devices within an organization's environment, offering support for application deployment, setting up alerts, and more. READ MORE...

On This Date

  • ...in 1776, writer Thomas Paine publishes his pamphlet "Common Sense," setting forth his arguments in favor of American independence.
  • ...in 1927, director Fritz Lang's classic science fiction film "Metropolis" is released in Germany.
  • ...in 1943, folk singer Jim Croce ("Bad, Bad Leroy Brown", "Time in a Bottle") is born in South Philadelphia, PA.
  • ...in 1946, the US Army Signal Corps successfully conducts Project Diana, bouncing radio waves off of the Moon and receiving the reflected signals.
  • ...in 1949, professional boxer, two-time heavyweight champion, and electric grill spokesman George Foreman is born in Marshall, TX.