IT Security Newsletter - 4/25/2023
Exploit released for 9.8-severity PaperCut flaw already under attack
Exploit code for a critical printer software vulnerability became publicly available on Monday in a release that may exacerbate the threat of malware attacks that have already been underway for the past five days. The vulnerability resides in print management software known as PaperCut, which the company's website says has more than 100 million users from 70,000 organizations. When this post went live, the Shodan search engine showed that close to 1,700 instances of the software were exposed to the Internet. READ MORE...
New BIOS updates attempt to keep Ryzen 7000X3D processors from frying themselves
Over the weekend, users on Reddit and YouTube began posting about problems with AMD's newest Ryzen 7000X3D processors. In some cases, the systems simply stopped booting. But in at least one instance, a Ryzen 7800X3D became physically deformed, bulging out underneath and bending the pins on the motherboard's processor socket. In a separate post, motherboard maker MSI indicated that the damage "may have been caused by abnormal voltage issues." READ MORE...
North Korean Hackers Target Mac Users With New 'RustBucket' Malware
North Korea-linked BlueNoroff hackers have been observed using a new macOS malware family in recent attacks, cybersecurity firm Jamf reveals. Dubbed RustBucket and able to fetch additional payloads from its command-and-control (C&C) server, the malware has been attributed to the advanced persistent threat (APT) actor BlueNoroff, which is believed to be a subgroup of the infamous Lazarus hacking group. READ MORE...
New Data Sharing Platform Serves as Early Warning System for OT Security Threats
Several cybersecurity companies specializing in industrial control systems (ICS) and other operational technology (OT) have teamed up to create an open source information sharing platform that is designed to serve as an early warning system for critical infrastructure. The new project, named ETHOS (Emerging THreat Open Sharing), is a vendor-agnostic technology platform for sharing threat information anonymously and in real time across various industries. READ MORE...
Are Low-Code Apps a Ticking Access Control Time Bomb?
As low-code and no-code application development platforms gain more currency among business groups seeking speedy workarounds to long development backlogs, concerns about application security loom. The low-code movement increases software engineering agility by speeding up the work of developers and enabling nontechnical business users to create their own applications and add new features to existing tools without needing to engage the engineering team. READ MORE...
TP-Link Archer WiFi router flaw exploited by Mirai malware
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms. Researchers first abused the flaw during the Pwn2Own Toronto hacking event in December 2022, where two separate hacking teams breached the device using different pathways (LAN and WAN interface access). READ MORE...
Rethinking Safer AI: Can There Really Be a 'TruthGPT'?
Concerns over bias in emerging artificial intelligence (AI) tools received a fresh airing recently when billionaire Elon Musk talked about his plans to create a "maximum truth-seeking AI" as an alternative to OpenAI's Microsoft-backed ChatGPT and Google's Bard technologies. Musk has offered no timetable for his planned chatbot. But he has already established a new AI firm called X.AI, and has reportedly begun hiring AI staff from ChatGPT creator OpenAI as well as from Google. READ MORE...
- ...in 1940, actor Al Pacino ("The Godfather", "Serpico") is born in Manhattan, NY.
- ...in 1953, The magazine Nature publishes an article by biologists Francis Crick and James Watson, describing DNA's double helix structure.
- ...in 1960, The first fully submerged circumnavigation of the Earth is completed by a US Navy nuclear submarine, USS Triton.
- ...in 2000, the Cincinnati Bearcats retired the #4 jersey worn by power forward Kenyon Martin.