<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 10/5/2023

SHARE

Hacking

South Korea accuses North of Phish and Ships attack

South Korea's National Intelligence Service (NIS) has warned North Korea is attacking its shipbuilding sector. "Security recently reported that North Korea has targeted our shipbuilding companies to strengthen its naval military power," explained [PDF] the intelligence agency, via machine translation. According to the alert, the attacks were launched in August and September, with phishing emails sent to maritime industry employees and IT contractors. READ MORE...

Software Updates

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

Apple's cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down. The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as zero-day in the wild. In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks. READ MORE...


Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Business software maker Atlassian on Wednesday called immediate attention to a major security defect in its Confluence Data Center and Server products and warned that the issue has already been exploited as zero-day in the wild. An urgent advisory from Atlassian confirms that "a handful of customers" were hit by exploits targeting a remotely exploitable flaw in Confluence Data Center and Server instances. READ MORE...

Malware

Hundreds of malicious Python packages found stealing sensitive data

A malicious campaign that researchers observed growing more complex over the past half year, has been planting on open-source platforms hundreds of info-stealing packages that counted about 75,000 downloads. The campaign has been monitored since early April by analysts at Checkmarx's Supply Chain Security team, who discovered 272 packages with code for stealing sensitive data from targeted systems. READ MORE...

Information Security

Researchers warn of 100,000 industrial control systems exposed online

About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems. Exposed ICSs include units (sensors, actuators, switches, building management systems, and automatic tank gauges) for critical infrastructure systems. READ MORE...


Meta is using your public Facebook and Instagram posts to train its AI

Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company's top policy executive. In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large language model) that feeds into its new Meta AI virtual assistant. Clegg said that Meta excluded private posts shared only with family and friends, as well as private chats on its messaging services. READ MORE...

Exploits/Vulnerabilities

'Looney Tunables' Bug Opens Millions of Linux Systems to Root Takeover

Attackers can now gain root privileges on millions of Linux systems - by exploiting an easy-to-exploit, newly discovered buffer overflow flaw in a common library used on most major distributions of the open source OS. Dubbed "Looney Tunables," the bug could mean "that's all, folks" for sensitive data, and could lead to even worse ramifications. Fedora, Ubuntu, and Debian are the systems most at risk from the bug. READ MORE...


Backdoored Android phones, TVs used for ad fraud - and worse!

A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. The company's Satori Threat Intelligence and Research Team observed more than 74,000 Android-based mobile phones, tablets, and CTV boxes showing signs of infection. READ MORE...

On This Date

  • ...in 1921, The World Series is broadcast on radio for the first time.
  • ...in 1947, US President Harry S Truman delivers the first televised White House address.
  • ...in 1962, the first James Bond film, "Dr. No", starring Sean Connery is released in theaters.
  • ...in 1969, "Monty Python's Flying Circus" debuts on BBC One.