<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/25/2023


From Cadre's Experts

Managing Cybersecurity Through the Economic Downturn

Consider the economic downturn as part of a cyclical process. It puts everything in a better perspective. No longer is it something "happening" to us, but rather, an opportunity to expand and thrive in the aftermath of the slump. It's easy to apply this frame of mind to business operations, but why stop there? It is as applicable to cybersecurity. Wondering how? In this blog, we'll answer that - outlining specific ways to manage cybersecurity through the economic downturn. READ MORE...


Riot Games breached: How did it happen?

The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company's popular League of Legends online game. The company has also confirmed that source code for TFT (Teamfight Tactics) and a legacy anti-cheat platform (Packman) were exfiltrated by the attackers, but said they won't be paying the ransom. READ MORE...


North Korean APT Expands Its Attack Repertoire

The advanced persistent threat (APT) tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated (that is, has had its infrastructure abused by other hackers). TA444 is a North Korean state-sponsored threat group tracked by Proofpoint as actively targeting cryptocurrencies since at least 2017. READ MORE...


Appliance makers sad that 50% of customers won't connect smart appliances

Appliance makers like Whirlpool and LG just can't understand. They added Wi-Fi antennae to their latest dishwashers, ovens, and refrigerators and built apps for them-and yet only 50 percent or fewer of their owners have connected them. What gives? While the manufacturers blame technical constraints, some customers may simply not want to provide companies with vague privacy policies or bad histories with security access to their networks. READ MORE...

Software Updates

VMware fixes critical security bugs in vRealize log analysis tool

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. vRealize Log Insight (now known as VMware Aria Operations for Logs) is a log analysis and management tool that helps analyze terabytes of infrastructure and application logs in VMware environments. READ MORE...


New stealthy Python RAT malware targets Windows in attacks

A new Python-based malware has been spotted in the wild featuring remote access trojan (RAT) capabilities to give its operators control over the breached systems. Named PY#RATION by researchers at threat analytics company Securonix, the new RAT uses the WebSocket protocol to communicate with the command and control (C2) server and to exfiltrate data from the victim host. READ MORE...

Live Nation blames bots and an 'attack' for Taylor Swift fiasco

Ticketmaster was hit with record bot traffic that crippled its systems when hordes of Taylor Swift fans attempted to buy tickets in November ahead of the singer's upcoming U.S. tour, the company's president told the Senate Judiciary Committee Tuesday. The company suffered "three times the amount of bot traffic than we had ever experienced," as well as the targeting of the company's "Verified Fan access code servers," said Joe Berchtold, chief financial officer and president of Live Nation Entertainment. READ MORE...


Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones

A security researcher has published technical details on an Arm Mali GPU vulnerability leading to arbitrary kernel code execution and root on Pixel 6 phones using a malicious app installed on the targeted device. Tracked as CVE-2022-38181 (CVSS score of 8.8), the issue is described as a use-after-free bug that impacts Arm Mali GPU driver versions prior to r40p0 (released on October 7, 2022). READ MORE...


Fujitsu: Quantum computers no threat to encryption just yet

Research conducted by Fujitsu suggests there is no need to panic about quantum computers being able to decode encrypted data - this is unlikely to happen in the near future, it claims. Fujitsu said it ran trials using its 39-qubit quantum simulator hardware to assess how difficult it would be for quantum computers to crack data encrypted with the RSA cipher, using a Shor's algorithm approach. READ MORE...

On This Date

  • ...in 1890, pioneering journalist and adventurer Nellie Bly completes her around-the-world journey in only 72 days.
  • ...in 1925, the first Winter Olympics open in Chamonix, France.
  • ...in 1961, President John F. Kennedy becomes the first U.S. president to hold a live televised news conference.
  • ...in 1981, multi-award winning singer/songwriter Alicia Keys (born Alicia Augello Cook) is born in New York City.
  • ...in 2004, NASA rover Opportunity touches down on Mars. It will exceed its planned three-month lifespan by more than 14 years, finally shutting down in June 2018.