IT Security Newsletter - 1/5/2024
23andMe told victims of data breach that suing is futile, letter shows
23andMe is "shamelessly" blaming victims of a data breach impacting 6.9 million users, a lawyer representing victims pursuing a class-action lawsuit, Hassan Zavareei, told TechCrunch. Zavareei shared a letter from 23andMe lawyers that urged users suing to "consider the futility of continuing to pursue an action in this case," because their claims are allegedly meritless and "the information that was potentially accessed cannot be used for any harm." READ MORE...
Memorial University recovers from cyberattack, delays semester start
The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes in one campus. MUN is the largest public university in Atlantic Canada, with an academic and administrative staff of 3,800, and over 19,000 students from 100 countries. On December 29, the university detected a cyberattack and activated security protocols that included isolating impacted systems and launching an investigation. READ MORE...
Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam
Anyone can get scammed. If you think you're somehow immune to being scammed, then, in my opinion, you're a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it's only human to make a mistake and screw up. And that certainly seems to be the case with Bill Lou. READ MORE...
Russian hackers reportedly breached telecom network months before attack
The Russian hackers that targeted Ukraine's largest telecommunications provider in December, knocking out mobile phone and home internet service to roughly 24 million people, were in the company's networks for months before wiping "almost everything," a senior Ukrainian government official said in an interview published Thursday. The attack was likely the work of the potent Russian military intelligence hacking unit known as "Sandworm." READ MORE...
LastPass enforces 12-character master password lengths
LastPass is requiring customers to increase the complexity and length of their master passwords to at least 12 characters, the company said Tuesday. The password manager made 12-character master password lengths a default setting starting in 2018, but customers could still, until now, create a less complex master password with fewer characters. LastPass sent notices of the change to consumer customers this week and will inform business customers on Jan. 10, a company spokesperson said. READ MORE...
Ivanti Patches Critical Vulnerability in Endpoint Manager
Enterprise software provider Ivanti on Thursday warned of a critical-severity vulnerability in its Endpoint Manager (EPM) product that could be exploited for remote code execution (RCE). Tracked as CVE-2023-39336, the issue is described as an SQL injection bug that could allow an attacker that has access to the internal network to "execute arbitrary SQL queries and retrieve output without the need for authentication". READ MORE...
US Says 19 People Charged Following 2019 Takedown of xDedic Cybercrime Marketplace
The US Justice Department announced on Thursday that 19 people involved in the management and use of the xDedic cybercrime marketplace have been charged following its takedown in 2019. The xDedic Marketplace was a site on the dark web where users sold and bought stolen server credentials and personal information. Authorities said over 700,000 credentials associated with servers housed by government, healthcare, transportation, higher education, financial and other types of organizations. READ MORE...
January 2024 Patch Tuesday forecast: A Focus on Printing
Happy 2024 Everyone! I hope everyone is looking forward to another exciting year in the ever-changing world of IT operations and software security. This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. I hope you continue to find it valuable and check in every month. READ MORE...
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches
Unknown groups have launched probes against a zero-day vulnerability identified in Apache's OfBiz enterprise resource planning (ERP) framework - an increasingly popular strategy of analyzing patches for ways to bypass software fixes. The 0-day vulnerability (CVE-2023-51467) in Apache OFBiz, disclosed on Dec. 26, allows an attacker to access sensitive information and remotely execute code against applications using the ERP framework. READ MORE...
- ...in 1914, "Adventures of Superman" actor George Reeves is born in Woolstock, IA.
- ...in 1932, philosopher and author Umberto Eco ("The Name of the Rose", "Foucault's Pendulum") is born in Piedmont, Italy.
- ...in 1933, construction on the Golden Gate Bridge begins.
- ...in 1941, Academy Award-winning animation director Hayao Miyazaki ("Spirited Away", "My Neighbor Totoro") is born in Tokyo, Japan.