Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.
A ransomware attack against San Francisco's Bay Area Rapid Transit exposed highly sensitive and personal data after a threat group leaked the records Friday. The nation's fifth-largest transit system by ridership, and largest in California, remains operational. Vice Society, a prolific ransomware group, claimed responsibility for the attack on Friday when it listed BART on its leak site.
UK-based manufacturing company Morgan Advanced Materials revealed on Tuesday that it's investigating a cybersecurity incident. The company has launched an investigation after detecting unauthorized activity on its network. The wording suggests that it's an ongoing security breach. "Upon becoming aware of the incident, the Company immediately launched an investigation, engaged its specialist support services and has implemented its incident response plans," Morgan Advanced Materials said.
Third-party administrator of insurance products Bay Bridge Administrators (BBA) is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach. On Tuesday, the Austin, Texas-based administrator of employee benefit plans announced that, on September 5, 2022, it fell victim to a cyberattack that caused a network disruption.
Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information. Security researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTPs).
Microsoft's first security update for 2023 contained patches for a whopping 98 vulnerabilities, including one that attackers are actively exploiting and another that is publicly known but has not been exploited yet. Microsoft identified 11 of the vulnerabilities it disclosed today as being of "critical" severity, meaning organizations using affected products need to prioritize these flaws before addressing the other ones.
More than a fifth of the passwords protecting network accounts at the US Department of the Interior (including Password1234, Password1234!, and ChangeItN0w!) were weak enough to be cracked using standard methods, a recently published security audit of the agency found. The audit was performed by the department's inspector general, which obtained cryptographic hashes for 85,944 employee Active Directory (AD) accounts. Auditors then used a list of more than 1.5 billion words that included:
Researchers at the universities of California and Virginia, and at Microsoft, have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code. Named 'Trojan Puzzle,' the attack stands out for bypassing static detection and signature-based dataset cleansing models, resulting in the AI models being trained to learn how to reproduce dangerous payloads.
Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed "polite WiFi". Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi-enabled device. Now, they've followed up that study to say that someone could also drain the batteries of such devices.
Researchers at firmware security company Red Balloon Security have discovered a potentially serious vulnerability affecting many of Siemens' programmable logic controllers (PLCs). Exploitation of the vulnerability, tracked as CVE-2022-38773, could allow an attacker to bypass protected boot features and persistently modify the controller's operating code and data. The cause, according to Red Balloon Security, is a series of architectural issues affecting Siemens Simatic and Siplus S7-1500 CPUs.