IT Security Newsletter - 3/21/2024
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. The competition started with Haboob SA's Abdul Aziz Hariri using an Adobe Reader exploit that combined an API restriction bypass and a command injection bug to gain code execution on macOS to earn $50,000.
Fraudsters Are Posing As The FTC To Scam Consumers
The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be... FTC staff. In a warning published on its website, the FTC said that scammers were using its employees' real names to steal money from consumers. A typical ruse will see the bogus FTC staffer advising someone to wire or transfer money to "protect" it, send a victim to a Bitcoin ATM, or even demand that they buy gold bars and take them to someone for "safe-keeping."
'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign
An emerging and unsophisticated threat actor is spreading various types of malware with accounting report lures in a phishing campaign that relies on readily available malicious and legitimate software for its success. The active phishing campaign by an actor tracked as Fluffy Wolf demonstrates how even largely unskilled threat actors can leverage malware-as-a-service (MaaS) models to conduct successful cyberattacks, according to researchers from digital risk management firm Bi.Zone.
New Windows Server updates cause domain controller crashes, reboots
The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. Affected servers are freezing and rebooting because of a Local Security Authority Subsystem Service (LSASS) process memory leak introduced with the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022.
Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server
Atlassian on Tuesday announced patches for two dozen vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical-severity bug that could be exploited without user interaction. Tracked as CVE-2024-1597 (CVSS score of 10) and described as an SQL injection issue, the critical-severity flaw impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server.
India's Android Users Hit by Malware-as-a-Service Campaign
A malware campaign offering malware-as-a-service (MaaS) is targeting Android users based in India. According to Broadcom, the campaign distributes malicious APK packages and seeks out banking information, SMS messages, and other sensitive information from a victim's device. This campaign is actively being exploited and distributed under the guise of helpful apps like customer support services, online bookings, or billing and courier services.
Gotta Hack 'Em All: Pokémon passwords reset after attack
Are you using the same passwords in multiple places online? Because if you use the same login credentials in different places online, you're behaving in a very risky way. If a cybercriminal breaches a system and steals the passwords used on one online service, you can bet your bottom dollar they won't waste any time before exploring if those same userid/password combinations might unlock other threats online.
Carmakers' shady data sharing takes spotlight in GM connected car scandal
Few Ars readers will have been surprised by the news from last week concerning General Motors' connected cars. As The New York Times reported, some owners of vehicles made by General Motors have been having a hard time getting car insurance. The reason? They unwittingly agreed to share their driving data with a third party. Now, at least one driver is suing. If more follow suit, this could be the push the industry needs to do better.
Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it "strongly encourages" them to implement the patch immediately. Ivanti Standalone Sentry is an appliance that acts as a gateway between devices and an organization's ActiveSync-enabled email servers or backend resource.
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
Cybersecurity firm Tenable on Thursday disclosed the details of a one-click vulnerability that could have been exploited to take complete control of user accounts on an AWS service. The vulnerability, named FlowFixation by Tenable, has been patched by AWS and it can no longer be exploited, but the security company pointed out that its research uncovered a wider problem that may again emerge in the future.
- ...in 1963, Alcatraz Federal Penitentiary closes its doors as a maximum security prison.
- ...in 1965, Dr. Martin Luther King, Jr. leads 3,200 people in a third and final civil rights march from Selma to Montgomery, AL in support of voting rights.
- ...in 1980, President Jimmy Carter announces a U.S. boycott of the 1980 Summer Olympics in Moscow, in protest of the Soviet war in Afghanistan.
- ...in 1980, the TV series "Dallas" airs its third-season finale, leading to months of speculation about "Who Shot J.R.?"