<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 3/9/2023


Top News

FBI investigates data breach impacting U.S. House members and staff

The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link's servers. DC Health Link is the organization that administers the health care plans of U.S. House members, their staff, and their families. Impacted individuals were notified today of the breach in an email from Catherine L. Szpindor, the U.S. House Chief Administrative Officer, as first reported by DailyCaller. READ MORE...


Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers

On the face of it, the Twitter profile of a person calling herself Sara Shokouhi looks like any other earnest Middle East-focused researcher. Her tweets are a litany of retweets of various voices protesting the Iranian government. Her bio claims she's completed a PhD from Northwestern State University of Louisiana. At the top of her profile, the person calling herself Sara Shokouhi peers into the camera with her hands folded over a stack of books. READ MORE...

Information Security

Dole doesn't expect to recover full costs of ransomware attack

Dole officials said the company would not be able to fully recover costs related to a ransomware attack that temporarily disrupted its North American operations in February. The Dublin-based fresh produce giant said the attack had a limited overall impact on the company, but was particularly disruptive to its Chilean and fresh vegetables business, according to a filing with the U.S. Securities and Exchange Commission. READ MORE...

TSA Issues Urgent Directive to Make Aviation More Cyber Resilient

The Transportation Security Administration (TSA) announced a new set of cybersecurity requirements this week for airport and aircraft operators. The initiative constitutes "an emergency action," the TSA explained in a press release, urgent "because of persistent cybersecurity threats against US critical infrastructure, including the aviation sector." READ MORE...


Bitwarden flaw can let hackers steal passwords using iframes

Bitwarden's credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people's credentials and send them to an attacker. The issue was reported by analysts at Flashpoint, who said Bitwarden first learned of the problem in 2018 but chose to allow it to accommodate legitimate sites that use iframes. READ MORE...

Critical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover

Fortinet is warning users to patch a critical remote code execution (RCE) vulnerability in the FortiOS operating system, and in the FortiProxy secure Web gateway. An alert this week from FortiGuard Labs said a heap buffer underflow bug in the administrative interface could allow an unauthenticated, remote cyberattacker to execute code on a device running the platforms. The vulnerability could also allow a threat actor to perform a denial-of-service (DoS) attack on the GUI of devices running the code. READ MORE...

Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks

Cisco this week announced patches for a high-severity denial-of-service (DoS) vulnerability in the IOS XR software for ASR 9000, ASR 9902, and ASR 9903 series enterprise routers. Tracked as CVE-2023-20049 (CVSS score of 8.6), the vulnerability impacts the bidirectional forwarding detection (BFD) hardware offload feature for the platform and can be exploited remotely, without authentication. READ MORE...

Science & Culture

Defeating the Deepfake Danger

As deepfakes quickly advance in terms of sophistication, they can be scarily convincing, as we've seen in some examples. And what's more, they're becoming increasingly popular with cybercriminals, as these technologies become even easier to use. The introduction of VALL-E, for instance, has raised new concerns about the ability to make deepfake voices quick and easy - in other words, quickfakes. READ MORE...

On This Date

  • ...in 1862, the Union ironclad warship USS Monitor fights CSS Virginia to a draw in the Battle of Hampton Roads, the first ever battle between two such vessels.
  • ...in 1933, FDR submits his Emergency Banking Act to Congress, in an attempt to stabilize the Depression-era banking system.
  • ...in 1934, Soviet cosmonaut Yuri Gagarin, the first human being to travel into space and achieve Earth orbit on the historic Vostok 1 mission, is born in Klushino, USSR.
  • ...in 1979, award-winning actor and musician Oscar Isaac ("Inside Llewyn Davis", "Star Wars: The Force Awakens") is born in Guatemala City, Guatemala.