<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/23/2023

SHARE

Top News

Cisco Finds New Zero-Day Bug, Pledges Patches in Days

Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22. The first Cisco zero-day bug, tracked under CVE-2023-20198, was announced on Oct. 16 and has a severity rating of 10 out of 10. At the time it was discovered, it had already allowed threat actors to compromise more than 10,000 Cisco devices. On Oct. 19, Cisco said it believed the cyberattacks against its IOS XE devices were all being carried out by the same threat actor. READ MORE...


Okta attacked again, this time hitting its support system

A threat actor accessed an Okta support system administrator account with a stolen credential, marking the second string of attacks to hit the identity and access management provider or its customers' Okta environments since late July. The threat actor viewed files containing sensitive data, which were uploaded by some customers as part of recent support cases, Okta CSO David Bradbury said Friday in a blog post. READ MORE...

Breaches

City of Philadelphia discloses data breach after five months

The City of Philadelphia is investigating a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May. While officials discovered the incident on May 24 following suspicious activity in the City's email environment, the investigation found that the threat actors may have accessed emails in the compromised email accounts for at least two months after the City became aware of the incident. READ MORE...


American Family Insurance confirms cyberattack is behind IT outages

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week. American Family Insurance (AmFam) is an insurance company focusing on commercial and personal property, casualty, auto, and life insurance, as well as offering investment and retirement planning The company employs 13,000 people and has a 2022 revenue of $14.4 billion. READ MORE...

Hacking

QNAP takes down server behind widespread brute-force attacks

QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server (used to control a botnet of hundreds of infected systems) within two days. READ MORE...

Exploits/Vulnerabilities

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Eight newly discovered vulnerabilities in the SolarWinds Access Rights Manager Tool (ARM) - including three deemed to be of critical severity - could open the door for attackers to gain the highest levels of privilege in any unpatched systems. As a broad IT management platform, SolarWinds occupies a uniquely sensitive place in corporate networks, as the world learned the hard way three years ago. READ MORE...

On This Date

  • ...in 1861, President Abraham Lincoln suspends the writ of habeas corpus in Washington, D.C. for all military-related cases.
  • ...in 1929, The first transcontinental air service begins from New York to Los Angeles.
  • ...in 1959, musical parodist and accordion virtuoso Alfred "Weird Al" Yankovic ("Eat It," "UHF") is born in Downey, CA.
  • ...in 1988, the classic 8-bit video game Super Mario Bros. 3 is released by Nintendo.