<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 4/13/2022

SHARE

Top News

Russia's Sandworm hackers attempted a third blackout in Ukraine

More than half a decade has passed since the notorious Russian hackers known as Sandworm targeted an electrical transmission station north of Kyiv a week before Christmas in 2016, using a unique, automated piece of code to interact directly with the station's circuit breakers and turn off the lights to a fraction of Ukraine's capital. That unprecedented specimen of industrial control system malware has never been seen again, until now. READ MORE...

Hacking

RaidForums Gets Raided, Alleged Admin Arrested

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums - 21-year-old Diogo Santos Coelho, of Portugal - with six criminal counts, including conspiracy, access device fraud and aggravated identity theft. READ MORE...

Software Updates

Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today's update, with ten classified as Critical as they allow remote code execution. The number of bugs in each vulnerability category is listed below. READ MORE...


SAP Releases Patches for Spring4Shell Vulnerability

German software maker SAP announced on Tuesday that more than 30 new and updated security notes were released on its April 2022 Security Patch Day, including notes that deal with the Spring4Shell vulnerability. Tracked as CVE-2022-22965, the vulnerability dubbed Spring4Shell impacts Spring, the most popular Java application development framework in the world, and could lead to the execution of code remotely. Security researchers have already observed attempts to exploit the flaw in the wild. READ MORE...


Citrix Patches Vulnerabilities in Several Products

Citrix this week announced patches for multiple vulnerabilities across its product portfolio, including a high-severity issue in SD-WAN. Tracked as CVE-2022-27505, the newly resolved high-severity issue in SD-WAN is a reflected cross-site scripting (XSS) vulnerability that exists because input isn't properly neutralized during web page generation. According to Citrix, both standard and premium editions of the SD-WAN appliance before version 11.4.3a are impacted. READ MORE...

On This Date

  • ...in 1861, after a 33-hour bombardment by Confederate cannon, Fort Sumter in Charleston Harbor surrenders.
  • ...in 1870, the Metropolitan Museum of Art is founded in New York City.
  • ...in 1984, Pete Rose becomes the first player in National League history to get 4,000 career hits.
  • ...in 1997, Tiger Woods becomes the youngest golfer to win golf's Masters Tournament, at the age of 21.