IT Security Newsletter - 12/13/2023
Microsoft Patch Tuesday, December 2023 Edition
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known "zero-day" threats targeting any of the vulnerabilities in December's patch batch. Still, four of the updates pushed out today address "critical" vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device. READ MORE...
Ukraine's largest mobile communications provider down after apparent cyber attack
Ukraine's largest telecommunications provider suffered a major cyber attack Tuesday, the company said, knocking out mobile phone service to millions of people. Although the apparent attack on Kyivstar did not compromise customer data, mobile communications and access to the internet was down throughout the day, according to a statement the company issued on its Facebook page. READ MORE...
Ukrainian military says it hacked Russia's federal tax agency
?The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, military intelligence officers breached Russia's federal taxation service central servers and 2,300 regional servers across Russia and occupied Ukrainian territories. READ MORE...
Update now! Apple issues patches for older iPhones and other devices
Apple has issued emergency updates that include patches for older iOS devices concerning the two actively used zero-day vulnerabilities that were patched last week in newer devices. The updates may already have reached you if you automatically update, but it doesn't hurt to check if your device is at the latest update level. If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac. READ MORE...
Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle
Software maker Adobe on Tuesday rolled out fixes for code execution flaws in the enterprise-facing Illustrator, Substance 3D Sampler and After Effects products. As part of its scheduled batch of Patch Tuesday updates, Adobe documented at least 207 security vulnerabilities and warned users on both Windows and macOS systems of risk of code execution, memory leaks and denial-of-service attacks. READ MORE...
SAP Patches Critical Vulnerability in Business Technology Platform
German enterprise software maker SAP on Tuesday announced the release of 15 new and two updated security notes as part of its December 2023 Security Patch Day. Four of the December 2023 security notes have a severity rating of 'hot news', the highest in the company's notebook, but three of them are updates to previously released notes. The new hot news security note deals with multiple vulnerabilities in SAP Business Technology Platform (BTP). READ MORE...
A pernicious potpourri of Python packages in PyPI
ESET Research has discovered a cluster of malicious Python projects being distributed in PyPI, the official Python package repository. The threat targets both Windows and Linux systems and usually delivers a custom backdoor. In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both. In May 2023, we reported on another cluster of packages we found on PyPI that delivers password and cryptocurrency stealing malware. READ MORE...
Open access to AI foundational models poses various security and compliance risks, report finds
Overly accessible artificial intelligence foundation models could open companies up to malicious use, compliance failure and more, according to findings released Wednesday by the Institute for Security and Technology. IST's report outlines the risks that are directly associated with models of varying accessibility, including malicious use from bad actors to abuse AI capabilities and, in fully open models, compliance failures in which users can change models. READ MORE...
Avira antivirus causes Windows computers to freeze after boot
Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software. A considerable number of Windows 11 and Windows 10 customers have experienced these system freezes, with most linking the issues to Avira. According to many of these reports on Reddit and Avira's own customer forums, affected computers usually start normally, but some fail to load the Windows desktop. READ MORE...
- ...in 1925, actor and comedian Dick Van Dyke ("Mary Poppins", "The Dick Van Dyke Show") is born in West Plains, MO.
- ...in 1957, actor Steve Buscemi ("Fargo", "Boardwalk Empire") is born in New York City.
- ...in 1972, Apollo 17 astronauts Eugene Cernan and Harrison Schmitt begin their final EVA "moonwalk" on the lunar surface. They remain the last humans to set foot on the Moon.
- ...in 1978, the first Susan B. Anthony dollars are struck at the Philadelphia Mint.