IT Security Newsletter

IT Security Newsletter - 2/1/2022

Written by Cadre | Tue, Feb 1, 2022

Public Exploit Released for Windows 10 Bug

Security teams might have skipped January's Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It's a bug that now has a proof-of-concept exploit available in the wild. The exploit was released by Gil Dabah, founder and CEO of Privacy Piiano, who tweeted that he decided not to report the bug two years ago. READ MORE...

German petrol supply firm Oiltanking paralyzed by cyber attack

Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point. Because the firm supplies a total of 26 companies in the country with fuel, German media raised worries about shortages immediately, but officials came forth to appease them. READ MORE...

Aggressive BlackCat Ransomware on the Rise

BlackCat, the latest ransomware threat touted on underground forums, has quickly made inroads into the ransomware-as-a-service cybercriminal marketplace by offering 80% to 90% of ransoms to "affiliates" and aggressively outing victims on a name-and-shame blog. In less than a month, the BlackCat group has purportedly compromised more than a dozen victims and named those victims on its blog, according to recent analysis of the malware by researchers at Palo Alto Networks. READ MORE...

CISA adds 8 vulnerabilities to list of actively exploited bugs

The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates by a specified strict deadline. READ MORE...

Critical Flaw Impacts WordPress Plugin With 1 Million Installations

Over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin. Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts. Affecting version 5.0.4 and earlier of the plugin, the security flaw allows any user to perform a local file inclusion attack, regardless of their authentication or authorization level. READ MORE...

  • ...in 1865, President Abraham Lincoln signs the Thirteenth Amendment to the US Constitution, abolishing slavery and involuntary servitude, except as punishment for a crime.
  • ...in 1893, Thomas Edison finishes construction of the first motion picture studio, nicknamed the "Black Maria", in New Jersey.
  • ...in 1942, comedian and medieval historian Terry Jones ("Monty Python's Flying Circus") is born in Wales, United Kingdom.
  • ...in 1964, the Beatles have their first #1 hit single in the US with "I Want To Hold Your Hand."