
IT Security Newsletter - 11/18/2024

Top News

300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks

Over 300 drinking water systems that serve roughly 110 million people in the US are affected by vulnerabilities that could lead to service disruptions, a new report from the Environmental Protection Agency (EPA)'s Office of Inspector General (OIG) shows. A passive assessment of security defects in 1,062 drinking water systems that serve over 193 million individuals has revealed that a quarter of them could potentially fall victim to attacks.

Breaches

Ransomware Attack on Oklahoma Medical Center Impacts 133,000

Great Plains Regional Medical Center in Oklahoma is notifying over 133,000 individuals that their personal information was compromised in a ransomware attack. The public, not-for-profit healthcare system discovered the attack on September 8, 2024, when ransomware was deployed, but the attackers had access to its systems for at least three days prior. According to the medical center, the attackers accessed and encrypted certain files between September 5 and September 8.


Keyboard robbers steal 171K customers' data from AnnieMac mortgage house

A major US mortgage lender has told customers looking to make the biggest financial transaction of their lives that an intruder broke into its systems and saw data belonging to 171,000 of them. American Neighborhood Mortgage Acceptance Company, which trades as AnnieMac Home Mortgage, said between August 21 and 23, an unknown intruder "viewed and/or copied" some customer data.

Malware

Malicious QR codes sent in the mail deliver malware

Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre (NCSC). The letters are sent as if they come from the official Swiss Federal Office of Meteorology and Climatology (MeteoSwiss) and they urge the recipient to install a new "severe weather app."


Botnet exploits GeoVision zero-day to install Mirai malware

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 and was discovered by Piotr Kijewski of The Shadowserver Foundation. It is a critical severity (CVSS v3.1 score: 9.8) OS command injection problem, allowing unauthenticated attackers to execute arbitrary system commands on the device.

Information Security

Microsoft revamps how it will disclose vulnerabilities

Microsoft will disclose vulnerabilities under the Common Security Advisory Framework, a move designed to help customers respond and remediate CVEs in a more efficient manner, the company said this week. CSAF is a format that is machine readable, which helps organizations digest the CVEs faster and in larger volumes. Customers will still be able to get CVE updates through the Microsoft security update guide or through an API based on the Common Vulnerability Reporting Framework.

Exploits/Vulnerabilities

More bugs in Palo Alto Expedition see active exploitation, CISA warns

The Cybersecurity and Infrastructure Security Agency warned Thursday that a vulnerability in Palo Alto Networks' firewall management software is actively being exploited in the wild, following last week's attacks that exploited other flaws in the same software. The two bugs in Palo Alto's Expedition tool, tracked as CVE-2024-9463 and CVE-2024-9465, could expose firewall credentials and affect versions 1.2.96 and below, according to the vendor alert.


Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. Really Simple Security is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. Its free version alone is used in over four million websites.

On This Date

  • ...in 1872, Susan B. Anthony and 14 other women are arrested for illegally voting in that year's US presidential election.
  • ...in 1928, Walt Disney releases "Steamboat Willie", the first animated cartoon with synchronized sound.
  • ...in 1953, comics writer Alan Moore, the creator of "Watchmen" and "V For Vendetta", is born in Northampton, England.
  • ...in 1966, Sandy Koufax, ace pitcher for the Los Angeles Dodgers, retires from baseball. He started as a basketball player for the University of Cincinnati Bearcats.