<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/12/2025

SHARE

Top News

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server. Both require the attacker to trick a target into mounting a malicious virtual hard disk. READ MORE...

Breaches

'Uber for nurses' exposes 86K+ medical records, PII in open S3 bucket for months

More than 86,000 records containing nurses' medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was left sitting in a wide-open misconfigured AWS S3 bucket for months before it was closed it last week. Cybersecurity researcher Jeremiah Fowler spotted the non-password-protected, unencrypted database on January 4 and reported it to ESHYFT, a New-Jersey-based company that bills itself as being "like an Uber for nurses." READ MORE...

Hacking

X suffered a DDoS attack. Its CEO and security researchers can't agree on who did it.

Social media service X was hit by a series of distributed denial-of-service attacks Monday, which rendered the platform formerly known as Twitter inaccessible at times for users with intermittent outages and errors, according to researchers. The cause of those attacks has been much harder to discern. Elon Musk, the site's owner, described the incident as a "massive cyberattack," but did not provide any evidence, and threat researchers have yet to back up that claim. READ MORE...

Software Updates

Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader

Software maker Adobe on Tuesday released fixes for at least 35 security flaws in a wide range of products, including serious code execution bugs in the widely deployed Acrobat and Reader applications. As part of its scheduled Patch Tuesday rollout, the San Jose, Calif. company called immediate attention to a high-severity bulletin documenting at least nine security defects in Adobe Acrobat and Reader for Windows and macOS. READ MORE...


ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens

Industrial giants Siemens and Schneider Electric have released their March 2025 Patch Tuesday ICS security advisories. The cybersecurity agency CISA has also published two advisories. Schneider Electric has published three new advisories to inform customers about three vulnerabilities affecting EcoStruxure products. The most serious is a critical issue in Power Automation System User Interface and Microgrid Operation Large. READ MORE...

Malware

MassJacker malware uses 778,000 wallets to steal cryptocurrency

A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. According to CyberArk, who discovered the MassJacker campaign, roughly 423 wallets linked to the operation contained $95,300 at the time of the analysis, but historical data suggests more significant transactions. Also, there's a single Solana wallet that the threat actors appear to use as a central money-receiving hub. READ MORE...

Information Security

Android devices track you before you even sign in

Google is spying on Android users, starting from even before they have logged in to their Google account. That's what researchers from Dublin's Trinity College found after they conducted a measurement study to investigate the cookies, identifiers and other data stored on Android devices by Google Play Services. The researchers found that multiple identifiers are used to track the user of an Android handset, even before they have opened a Google app or signed in to their Google account. READ MORE...

Exploits/Vulnerabilities

Whopping Number of Microsoft Zero-Days Under Attack

After a relatively quiet February, Microsoft this week dropped patches for six zero-day vulnerabilities that attackers are already actively exploiting in the wild, and 51 other bugs across the company's product range. The zero-days in Microsoft's March security update are just one shy of the company's all-time record of seven for a Patch Tuesday and will likely mean a sleepless week for the security teams that need to address the bugs before attackers can exploit them. READ MORE...

On This Date

  • ...in 1912, the Girl Scouts of the USA are formed as the "Girl Guides."
  • ...in 1922, Beat Generation writer Jack Kerouac ("On the Road", "The Dharma Bums") is born in Lowell, MA.
  • ...in 1930, Mahatma Gandhi begins his 200-mile Salt March to protest the British monopoly on salt in India.
  • ...in 1933, Franklin Delano Roosevelt gives his first Presidential address, which was also the first of his radio "fireside chats."