IT Security Newsletter - 12/13/2022
Uber Breached, Again, After Attackers Compromise Third-Party Cloud
Uber has suffered yet another high-profile data leak that exposed sensitive employee and company data. This time, attackers breached the company by compromising an Amazon Web Services (AWS) cloud server used by a third party that provides Uber with asset management and tracking services. The incident happened over the weekend, when a threat actor named "UberLeaks" began posting data they claimed was stolen from Uber and Uber Eats.
Twitter confirms recent user data leak is from 2021 breach
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. Twitter says its incident response team analyzed the user data leaked in November 2022 and confirms it was collected using the same vulnerability before it was fixed in January 2022.
CommonSpirit ransomware attack exposed personal information of 623K people, system says
CommonSpirit Health has told regulators that the protected health information of more than 623,700 people was compromised in a ransomware attack first announced in October. The health system reported the breach on Dec. 1 to the HHS, according to an online breach portal. The breach is now under investigation by the HHS Office for Civil Rights. Providers are required to notify the HHS when breaches occur.
Play ransomware claims attack on Belgium city of Antwerp
The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgian city of Antwerp. Last week, Digipolis, the IT company responsible for managing Antwerp's IT systems, suffered a ransomware attack that disrupted the city's IT, email, and phone services. Local media reported that many of the city's Windows applications were no longer available, and city council member Alexandra d'Archambeau publicly tweeted that email was not available.
Citrix fixes critical ADC and Gateway zero-day exploited in attacks
Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. The new vulnerability is tracked as CVE-2022-27518 and allows an unauthenticated attacker to execute commands remotely on the appliance. Citrix is warning admins to install the latest update "as soon as possible" as the vulnerability is actively exploited in attacks.
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw
Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild. A critical-level advisory from Fortinet described the bug as a memory corruption that allows a "remote unauthenticated attacker" to launch harmful code or execute commands on a target system.
Effective, fast, and unrecoverable: Wiper malware is popping up everywhere
Over the past year, a flurry of destructive wiper malware from no fewer than nine families has appeared. In the past week, researchers cataloged at least two more, both exhibiting advanced codebases designed to inflict maximum damage. On Monday, researchers from Check Point Research published details of Azov, a previously unseen piece of malware that the company described as an "effective, fast, and unfortunately unrecoverable data wiper."
Fleeing Twitter users face uncertain privacy, security features on alternative platforms
As Elon Musk has decimated Twitter's workforce and welcomed back some of the platform's most polarizing figures, many Twitter users have decided they've had enough of his chaos and are migrating to smaller, niche platforms. This influx of users to platforms such as Mastodon, Hive, and Post, which have a fraction of Twitter's resources, raises the question of whether these social media upstarts can cope with the privacy and security concerns of a rapidly growing user base.
Popular WAFs Subverted by JSON Bypass
Web application firewalls (WAFs) from five major vendors are vulnerable to malicious requests that use the popular JavaScript Object Notation (JSON) to obfuscate database commands and escape detection. That's according to application-security firm Claroty, whose researchers have found that WAFs produced by Amazon Web Services, Cloudflare, F5, Imperva, and Palo Alto fail to identify malicious SQL commands coded in the JSON format, allowing the forwarding of malicious requests to the back-end database.
- ...in 1925, actor and comedian Dick Van Dyke ("Mary Poppins", "The Dick Van Dyke Show") is born in West Plains, MO.
- ...in 1957, actor Steve Buscemi ("Fargo", "Boardwalk Empire") is born in New York City.
- ...in 1972, Apollo 17 astronauts Eugene Cernan and Harrison Schmitt begin their final EVA "moonwalk" on the lunar surface. They are still the last humans to set foot on the Moon.
- ...in 1978, the first Susan B. Anthony dollars are struck at the Philadelphia Mint.