<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter

Get the latest headlines, summaries, and security news!

IT Security Newsletter - 1/14/2020

TopNews_ITSEC

Windows 7 Reaches End of Life Today, What You Need to Know

It's the end of an era: Windows 7 will reach end of support today, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes. "The specific end of support day for Windows 7 will be January 14, 2020," Microsoft says. "After that, technical assistance and software updates from Windows Update that help protect your PC will no longer be available for the product."

Software_ITSEC

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

Hacking_ITSEC

Scammers Dupe Texas School District Out of $2.3M

A Texas school district, based outside of Austin, Tex., has lost $2.3 million after falling victim to an email scam. The Manor Independent School District encompasses 8,000 students from elementary to high school. Police told local news outlets that the incident started in early November and continued through December, before it was discovered by the district.

Breaches_ITSEC-1

Boing Boing says hacker got around 2FA in breaching its content management system

Boing Boing, a popular blog and news aggregator with deep roots on the internet, said Monday that an unknown attacker had used a hacked account of one of its team members to spread malicious code. The hacker was able to get around two-factor authentication — an extra security measure — to log into the Boing Boing content management system (CMS) software. From there, the attacker installed a widget that redirected Boing Boing visitors to a malicious web page, the publication said in a statement under the tagline, “We Wuz Hacked.”

Exploits_ITSEC

Exploit that gives remote access affects ~200 million cable modems

Hundreds of millions of cable modems are vulnerable to critical takeover attacks by hackers halfway around the world, researchers said. The attacks work by luring vulnerable users to websites that serve malicious JavaScript code that's surreptitiously hosted on the site or hidden inside of malicious ads, researchers from Denmark-based security firm Lyrebirds said in a report and accompanying website.