IT Security Newsletter - 11/8/2023
Atlassian cranks up the threat meter to max for Confluence authorization flaw
Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. The company overhauled its security advisory for CVE-2023-22518 after it realized there had been a "change in the scope of the attack" on Monday. In its original advisory, the Aussie-headquartered vendor said exploitation of the vulnerability by an unauthenticated user could lead to "significant data loss."
Cancer treatments cancelled after Canadian hospitals hit by ransomware attack
A ransomware attack impacting five hospitals in southwestern Ontario, Canada, has seen hackers gain access to a database containing 5.6 million patient visits, and the social insurance numbers of over 1400 employees. The attack against IT service provider TransForm, which took place on October 23, resulted in outages in IT systems at multiple hospital locations in the area, leaving patients facing appointment delays and cancelled surgeries.
Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach
The Monero Project is admitting that one of its wallets was drained by an unknown source in September, losing the equivalent of around $437,000 at today's exchange rate. A Monero Project maintainer who goes by the alias of Luigi announced on November 2 that the project's community crowdfunding system (CCS) wallet was drained of 2,675.73 XMR on September 1.
Sumo Logic discloses potential breach via compromised AWS credential
Cloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday. "On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account," the company said in its security notice.
Marina Bay Sands Discloses Data Breach Impacting 665k Customers
Singapore's Marina Bay Sands luxury resort revealed on Tuesday that 665,000 of its customers are impacted by a recent data breach. The incident affects Marina Bay Sands' shopping loyalty program members. There is no indication to date that the Sands Rewards Club casino rewards program was impacted as well. The resort, which is owned by US casino and resort giant Las Vegas Sands, discovered on October 20 that an unauthorized third party had gained access to shopping membership program data on October 19 and 20.
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
North Korean state hackers have debuted a fresh Mac malware targeting users in the US and Japan, which researchers characterize as "dumbed down" but effective. An arm of the DPRK's notorious Lazarus Group, BlueNoroff has been known to raise money for the Kim regime by targeting financial institutions - banks, venture capital firms, cryptocurrency exchanges and startups - and the individuals who use them.
Using ChatGPT to cheat on assignments? New tool detects AI-generated text with amazing accuracy
ChatGPT and similar large language models (LLMs) can be used to write texts about any given subject, at any desired length, at a speed unmatched by humans. So it's not a surprise that students have been using them to "help" write assignments, much to the dismay of teachers who prefer to receive original work from actual humans. In fact, in Malwarebytes' recent research survey, we found that 40% of people had used ChatGPT or similar to help complete assignments.
CVSS 4.0 Offers Significantly More Patching Context
The latest version of the Common Vulnerability Scoring System (CVSS version 4.0), released last week, should enable organizations to better assess and manage the risk that a security bug might pose to their specific environments. However, how helpful it really is will depend on their willingness and ability to use all the new metrics in CVSS 4.0 to build the context needed for smarter vulnerability prioritization.
QNAP warns about critical vulnerabilities in NAS systems
QNAP has published a security advisory about two critical vulnerabilities that could allow remote attackers to execute commands via a network. One of the vulnerabilities affects the QTS and QuTS operating systems (OS) for QNAP's network attached storage systems (NAS). The second one can be found in versions of QTS, the Multimedia Console, and the Media Streaming add-on.
Critical Vulnerabilities Expose Veeam ONE Software to Code Execution
Veeam Software has rolled out patches for four severe security vulnerabilities that expose users of its Veeam ONE product to remote code execution attacks. The Ohio company issued an urgent advisory to document the flaws, which include a pair of critical issues with CVSS severity scores of 9.9 out of 10. An IT monitoring and analytics solution, Veeam ONE provides organizations with real-time monitoring, management reporting, and business documentation for Veeam's backup products.
- ...in 1836, American businessman and game publisher Milton Bradley is born in Vienna, ME.
- ...in 1847, Anglo-Irish novelist Bram Stoker, author of "Dracula", is born in Dublin.
- ...in 1960, John F. Kennedy defeats Richard M. Nixon to become the 35th president of the United States.
- ...in 1972, HBO transmits its first evening of programming (the 1971 film "Sometimes A Great Notion") to 325 subscribers in Wilkes-Barre, PA.