<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/16/2023



Security firm Rubrik is latest to be felled by GoAnywhere vulnerability

Rubrik, the Silicon Valley data security company, said that it experienced a network intrusion made possible by a zero-day vulnerability in a product it used called GoAnywhere. In an advisory posted on Tuesday, Rubrik CISO Michael Mestrovich said an investigation into the breach found that the intruders gained access to mainly internal sales information, including company names and contact information, and a limited number of purchase orders from Rubrik distributors READ MORE...

Data Breach at Independent Living Systems Impacts 4 Million Individuals

Florida-based health services company Independent Living Systems (ILS) has started sending out notification letters to more than 4 million individuals to inform them of a data breach impacting their personal and medical information. Founded in 2001, ILS has 10 offices across the US and provides managed care organizations and providers with clinical and third-party administrative services. The company serves over 4.2 million individuals. READ MORE...


Hacker selling data allegedly stolen in US Marshals Service hack

A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers. USMS is a Justice Department bureau that provides support to the federal justice system by executing federal court orders, assuring the safety of government witnesses and their families, seizing illegally obtained assets, and more. READ MORE...


FBI: Ransomware hit 860 critical infrastructure orgs in 2022

The Federal Bureau of Investigation (FBI) revealed in its 2022 Internet Crime Report that ransomware gangs breached the networks of at least 860 critical infrastructure organizations last year. However, given that the FBI's report only includes attacks reported to the Internet Crime Complaint Center (IC3), the actual number is likely higher. "The IC3 received 870 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack," the FBI said. READ MORE...

Software Updates

Microsoft Patch Tuesday, March 2023 Edition

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction. The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest. READ MORE...

Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111

Mozilla announced this week the release of Firefox 111, which patches over a dozen vulnerabilities, including potentially serious issues. Of the 13 CVEs, seven have been assigned a 'high' severity rating. Three of them only impact Firefox for Android, and they can allow a hacker to hide fullscreen notifications - this can lead to user confusion or spoofing attacks - and open third-party apps without a prompt. READ MORE...


Not-so-private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets

ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers - a type of malware that steals or modifies the contents of the clipboard. All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets. This was the first time we have seen Android clippers focusing specifically on instant messaging. READ MORE...


Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns

Multiple threat groups were able breach a federal agency and steal data by exploiting a years-old Progress Telerik vulnerability in an unpatched Microsoft Internet Information Services (IIS) Web server - and the Cybersecurity and Infrastructure Security Agency (CISA) wants other IT security teams to be on the lookout for similar exposure. The Federal Civilian Executive Branch (FCEB) was compromised from last November to January 2023 after threat actors were able to exploit a Telerik vulnerability. READ MORE...

Science & Culture

OpenAI checked to see whether GPT-4 could take over the world

As part of pre-release safety testing for its new GPT-4 AI model, launched Tuesday, OpenAI allowed an AI testing group to assess the potential risks of the model's emergent capabilities-including "power-seeking behavior," self-replication, and self-improvement. While the testing group found that GPT-4 was "ineffective at the autonomous replication task," the nature of the experiments raises eye-opening questions about the safety of future AI systems. READ MORE...

On This Date

  • ...in 1751, President James Madison, known as the "Father of the Constitution" and cowriter of The Federalist Papers, is born in the Virginia Colony.
  • ...in 1926, physicist Robert Goddard launches the first ever liquid-propellant rocket (fueled by gasoline and liquid oxygen) from a field in Auburn, MA.
  • ...in 1995, the state of Mississippi formally ratifies the 13th Amendment, becoming the last state to approve the abolition of slavery, nearly 130 years after the fact.
  • ...in 2020, the Dow Jones Industrial Average falls by 2,997.10, the single largest point drop in history.