Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's special Valentine's Day Patch Tuesday includes fixes for a whopping three different "zero-day" vulnerabilities that are already being used in active attacks. Microsoft's security advisories are somewhat sparse with details about the zero-day bugs. READ MORE...
Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform. The healthcare provider giant said on Monday that Fortra issued an alert saying that it had "experienced a security incident" leading to some CHS data being compromised. A subsequent investigation revealed that the resulting data breach affected the personal and health information of up to 1 million patients. READ MORE...
A Russian national accused of hacking into two U.S. firms that prepare filings for publicly traded companies, and then trading on information before it was public, was found guilty by a federal jury in Boston Tuesday. Vladislav Klyushin, 42, the owner of cybersecurity firm M-13 in Moscow, was found guilty of conspiracy to obtain unauthorized access to computers, wire fraud and securities fraud. READ MORE...
Intel this week announced patches for dozens of vulnerabilities across its product portfolio, including critical- and high-severity issues. The most severe of these flaws is CVE-2021-39296 (CVSS score of 10), which impacts the Integrated Baseboard Management Controller (BMC) and OpenBMC firmware of several Intel platforms. The bug was identified in 2021 in the netipmid (IPMI lan+) interface and could allow an attacker to obtain root access to the BMC, bypassing authentication using crafted IPMI messages. READ MORE...
Siemens and Schneider Electric have addressed a total of nearly 100 vulnerabilities with their February 2023 Patch Tuesday advisories. Siemens has published 13 new advisories covering a total of 86 vulnerabilities. The most significant vulnerability - based on its CVSS score of 10 - is a memory corruption issue that can lead to a denial-of-service (DoS) condition or arbitrary code execution in the Comos plant engineering software. READ MORE...
Software maker Adobe on Tuesday released security fixes for at least a half dozen vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The Mountain View, Calif. company warned that the security problems exist on three of its most popular software products - Photoshop, Illustrator and After Effects. According to Adobe's security bulletins, the Illustrator and After Effects patches carry critical-severity ratings because of the risk of code execution attacks. READ MORE...
The APT37 threat group uses a new evasive 'M2RAT' malware and steganography to target individuals for intelligence collection. APT37, also known as 'RedEyes' or 'ScarCruft,' is a North Korean cyber espionage hacking group believed to be state-supported. In 2022, the hacking group was seen exploiting Internet Explorer zero-days and distributing a wide assortment of malware against targeted entities and individuals. READ MORE...
Two hospital networks in Louisiana are being hauled to court in a pair of class-action lawsuits that accuses the hospitals of deploying Meta Pixel ad-tracker code and sharing sensitive medical data with Facebook in violation of the US Health Insurance Portability and Accountability Act (HIPAA). LCMC Health Systems and Willis-Knighton Health Systems are being accused of deploying the Meta Pixel code on their sites, which shared patient information with Facebook. READ MORE...
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug. Turning the plug activates its ignition, allowing thieves to drive away. READ MORE...