<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 2/15/2023

SHARE

Top News

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's special Valentine's Day Patch Tuesday includes fixes for a whopping three different "zero-day" vulnerabilities that are already being used in active attacks. Microsoft's security advisories are somewhat sparse with details about the zero-day bugs. READ MORE...

Breaches

Healthcare giant CHS reports first data breach in GoAnywhere hacks

Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform. The healthcare provider giant said on Monday that Fortra issued an alert saying that it had "experienced a security incident" leading to some CHS data being compromised. A subsequent investigation revealed that the resulting data breach affected the personal and health information of up to 1 million patients. READ MORE...

Hacking

Russian cybersecurity expert convicted of charges in $90M hack-to-trade case

A Russian national accused of hacking into two U.S. firms that prepare filings for publicly traded companies, and then trading on information before it was public, was found guilty by a federal jury in Boston Tuesday. Vladislav Klyushin, 42, the owner of cybersecurity firm M-13 in Moscow, was found guilty of conspiracy to obtain unauthorized access to computers, wire fraud and securities fraud. READ MORE...

Software Updates

Dozens of Vulnerabilities Patched in Intel Products

Intel this week announced patches for dozens of vulnerabilities across its product portfolio, including critical- and high-severity issues. The most severe of these flaws is CVE-2021-39296 (CVSS score of 10), which impacts the Integrated Baseboard Management Controller (BMC) and OpenBMC firmware of several Intel platforms. The bug was identified in 2021 in the netipmid (IPMI lan+) interface and could allow an attacker to obtain root access to the BMC, bypassing authentication using crafted IPMI messages. READ MORE...


ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric

Siemens and Schneider Electric have addressed a total of nearly 100 vulnerabilities with their February 2023 Patch Tuesday advisories. Siemens has published 13 new advisories covering a total of 86 vulnerabilities. The most significant vulnerability - based on its CVSS score of 10 - is a memory corruption issue that can lead to a denial-of-service (DoS) condition or arbitrary code execution in the Comos plant engineering software. READ MORE...


Adobe Plugs Critical Security Holes in Illustrator, After Effects Software

Software maker Adobe on Tuesday released security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The Mountain View, Calif. company warned that the security problems exist on three of its most popular software products - Photoshop, Illustrator and After Effects. According to Adobe's security bulletins, the Illustrator and After Effects patches carry critical-severity ratings because of the risk of code execution attacks. READ MORE...

Malware

RedEyes hackers use new malware to steal data from Windows, phones

The APT37 threat group uses a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection. APT37, also known as 'RedEyes' or 'ScarCruft,' is a North Korean cyber espionage hacking group believed to be state-supported. In 2022, the hacking group was seen exploiting Internet Explorer zero-days and distributing a wide assortment of malware against targeted entities and individuals. READ MORE...

Information Security

Hospitals Sued for Using Meta's Ad-Tracking Code, Violating HIPAA

Two hospital networks in Louisiana are being hauled to court in a pair of class-action lawsuits that accuses the hospitals of deploying Meta Pixel ad-tracker code and sharing sensitive medical data with Facebook in violation of the US Health Insurance Portability and Accountability Act (HIPAA). LCMC Health Systems and Willis-Knighton Health Systems are being accused of deploying the Meta Pixel code on their sites, which shared patient information with Facebook. READ MORE...

Exploits/Vulnerabilities

Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug. Turning the plug activates its ignition, allowing thieves to drive away. READ MORE...

On This Date

  • ...in 1909, humanitarian Hermine "Miep" Gies, who helped hide Anne Frank's family during WWII, is born in Vienna, Austria.
  • ...in 1946, ENIAC, the world's first electronic general-purpose computer, is dedicated at the University of Pennsylvania.
  • ...in 1954, cartoonist Matt Groening, the creator of "The Simpsons" and "Futurama", is born in Portland, OR.
  • ...in 2001, the first draft of the complete human genome is published in the journal "Nature".