IT Security Newsletter - 3/22/2022
White House warns of possible Russian cyberstrike on US critical infrastructure
The Biden administration on Monday warned that it believes Russian state hackers may step up a cyber offensive that targets US organizations, particularly organizations in the private sector providing critical infrastructure. Administration officials stressed that they have yet to unearth any evidence of specific cyberattack plans. But in recent weeks, officials have said Kremlin-sponsored strikes on US-based computers and networks was a distinct possibility that security defenders should prepare for. READ MORE...
Over 1 Million Impacted in Data Breach at Texas Dental Services Provider
Dental and orthodontic care provider JDC Healthcare Management (JDC) has revealed that the information of a large number of Texans was compromised in a data breach discovered last year. JDC, which operates more than 70 Jefferson Dental & Orthodontics clinics, notified the Texas Attorney General's Office that the personal information of more than one million individuals was likely stolen during the cyberattack. READ MORE...
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters. Among other things, Bridgestone is a major supplier of tires for Toyota vehicles. This is notable because, only 11 days after Bridgestone's attack, another Toyota supplier - Denso Corp. - fell victim to its own ransomware attack. READ MORE...
Cyber company Okta is latest potential victim cited by Lapsus$ hackers
Identity authentication company Okta, which provides services to thousands of companies as well as U.S. government agencies, acknowledged Tuesday morning that it had investigated an incident in January that was related to screenshots posted online Monday night by a hacking group. "In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors," company Okta CEO Todd McKinnon tweeted. READ MORE...
Windows zero-day flaw giving admin rights gets unofficial patch, again
A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server. The locally exploited vulnerability in Windows User Profile Service is tracked as CVE-2021-34484 and was given a CVSS v3 score of 7.8. While exploits have been publicly disclosed in the past, they are not believed to be actively exploited in the wild. READ MORE...
Binarly Coordinates Patches for 3 Firmware Flaws With Dell
Firmware security company Binarly has discovered three new arbitrary code execution vulnerabilities in the System Management Mode components on Dell devices. All three memory corruption flaws in Dell BIOS have been assigned "high" severity ratings and a score of 8.2 on the Common Vulnerability Score System (CVSS). Running SMM bypasses built-in protections against modifications, which means attackers could potentially install firmware backdoors into the BIOS. READ MORE...
Hundreds of HP printer models vulnerable to remote code execution
HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about about a buffer overflow flaw that could lead to remote code execution on the affected machine. Tracked as CVE-2022-3942, the security issue was reported by Trend Micro's Zero Day Initiative team. READ MORE...
- ...in 1887, comedian/musician Leonard "Chico" Marx of the Marx Brothers is born in New York City.
- ...in 1946, American mathematician, computer scientist, and science fiction author Rudy Rucker is born in Louisville, KY.
- ...in 1993, Intel ships the first Pentium chips, featuring a 60 MHz clock speed, 100+ MIPS, and a 64-bit data path.
- ...in 1995, Cosmonaut Valeri Polyakov returns to Earth after spending nearly 438 consecutive days in space, a record that still stands today.