IT Security Newsletter - 3/13/2024
Stanford University Data Breach Impacts 27,000 Individuals
Stanford University has started notifying 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS). The incident was discovered on September 27, 2023, but the attackers had access to the Stanford DPS network beginning May 12. The hackers were evicted from the environment and the network was secured shortly after the attack was discovered, the university says. READ MORE...
Israeli Universities Hit by Supply Chain Cyberattack Campaign
Iranian hacktivists executed a supply chain attack on Israeli universities by initially breaching systems of a local technology provider to the academic sector. The self-styled Lord Nemesis group boasted online that it used credentials snatched from Rashim Software to break into the systems of the vendor's clients, universities, and colleges in Israel. The hack-and-leak operation began on or around November 2023 according to Op Innovate, an incident response firm that assisted one of the victim universities. READ MORE...
Krebs on Security: Patch Tuesday, March 2024 Edition
Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild. READ MORE...
Adobe Patches Critical Flaws in Enterprise Products
Software maker Adobe on Tuesday released a hefty batch of security updates to fix critical-severity vulnerabilities in multiple enterprise-facing products. The Patch Tuesday rollout contains fixes for code execution flaws in the oft-targeted Adobe ColdFusion, Adobe Premiere Pro, Adobe Bridge and Adobe Lightroom. The San Jose, Calif. company called urgent attention to a mega-update for its Adobe Experience Manager software. READ MORE...
FakeBat delivered via several active malvertising campaigns
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is FakeBat. It is very unique in that the threat actor uses MSI installers packaged with heavily obfuscated PowerShell code. READ MORE...
JetBrains says TeamCity servers exploited as it defends disclosure policies
JetBrains said its customers are reporting a range of exploitation activity linked to critical vulnerabilities in the on-premises version of TeamCity, as it defends its disclosure policies in a blog released Monday. JetBrains earlier this month notified customers about the two authentication bypass vulnerabilities, listed as CVE-2024-27198 and CVE-2024-27199, which threat actors are exploiting. READ MORE...
Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data
Three security vulnerabilities unearthed in the extension functions ChatGPT employs open the door to unauthorized, zero-click access to users' accounts and services, including sensitive repositories on platforms like GitHub. ChatGPT plug-ins and custom versions of ChatGPT published by developers extend the capabilities of the AI model, enabling interactions with external services by granting OpenAI's popular generative AI chatbot access and permissions to execute tasks on various third-party websites, including GitHub and Google Drive. READ MORE...
- ...in 1868, the impeachment trial of Andrew Johnson begins, the first ever pursued against an incumbent American president.
- ...in 1921, Mad Magazine artist Al Jaffee, who drew the long-running "Fold-In" feature for 56 years before retiring in 2020, is born in Savannah, GA. He turns 102 today!
- ...in 1942, the U.S. Army establishes the War Dog Program, AKA the "K-9 Corps." Later that same year, similar programs were started for the Navy, Marines, and Coast Guard.
- ...in 2013, Jesuit archbishop Jorge Bergoglio is elected Pope of the Roman Catholic Church, choosing the papal name of Francis.