Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021. "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue," Olympus says in a statement published today, two days after the attack. READ MORE...
Threat hunters at Microsoft are raising the alarm about a new Iran-linked threat actor caught using password-spraying techniques to break into defense technology companies in the United States, Israel and parts of the Middle East. The Redmond, Wash. software giant on Monday shared technical details on UNC-0343, an Iran-linked apex actor that has been actively attempting to break into Office 365 accounts since at least July 2021. READ MORE...
Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability that is actively exploited in the wild in attacks targeting Phones and iPads. This vulnerability, tracked as CVE-2021-30883, is a critical memory corruption bug in the IOMobileFrameBuffer allowing an application to execute commands on vulnerable devices with kernel privileges. READ MORE...
The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document. Apache OpenOffice is an open-source office productivity suite that includes a word processor (Writer), a spreadsheet tool (Calc), a presentation editor (Impress), a vector graphics drawing editor (Draw), and more. READ MORE...
Microsoft revoked insecure SSH keys some Azure DevOps have generated using a GitKraken git GUI client version impacted by an underlying issue found in one of its dependencies. Azure DevOps is a Microsoft cloud service specifically designed for code development collaboration with an integrated set of features accessible through an integrated development environment (IDE) client or web browser. READ MORE...
Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. The security hole was identified in late September and was addressed with the release of GitKraken version 8.0.1. READ MORE...
Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available. The flaws were discovered nearly one year ago by researchers at industrial cybersecurity firm OTORIO in IR615 LTE routers made by industrial IoT solutions provider InHand Networks. READ MORE...