
IT Security Newsletter - 4/3/2024


Top News

AT&T hit with class action suit over massive data breach

AT&T is facing a class action lawsuit stemming from its recent disclosure of a massive data security breach impacting as many as 73 million current and former customers. The telecommunications giant disregarded the rights of class members by "intentionally, willfully, recklessly, or negligently failing to take adequate and reasonable measures to ensure its data systems were protected against unauthorized intrusions," among other alleged missteps, according to the plaintiff, Ohio resident Alex Petroski. READ MORE...

Breaches

CISA asserts no data stolen during Ivanti-linked attack on the agency

A cyberattack targeting the Cybersecurity and Infrastructure Security Agency in late January impacted a pair of the agency's systems, a CISA spokesperson said Monday. A thus far unnamed threat actor gained access to the CISA Gateway, an integrated collection of vulnerability assessments and tools for critical infrastructure organizations, and the Chemical Security Assessment Tool, a repository of chemical plant security plans. READ MORE...


Missouri county declares state of emergency amid suspected ransomware attack

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. READ MORE...

Hacking

Cyber review board blames cascading Microsoft failures for Chinese hack

A federal review board concluded in a scathing report Tuesday that the theft of a Microsoft signing key used to spy on senior U.S. officials was a preventable failure caused by the company's failure to appropriately prioritize security. Tuesday's report, the work of the independent Cyber Safety Review Board established by President Joe Biden, examines a breach that first came to light in July 2023, when hackers linked to China known as Storm-0558 were able to snoop on US government official emails. READ MORE...


Meet clickjacking's slicker cousin, 'gesture jacking,' aka 'cross window forgery'

Web browsers still struggle to prevent clickjacking, an attack technique first noted in 2008 that repurposes web page interface elements to deceive visitors. Despite continuing efforts to mitigate the risk through bug fixes and browser behavior changes, intrusive attack variations continue to emerge, leaving web developers to provide defenses where browsers fail to erect barriers. READ MORE...

Information Security

Hotel Self Check-In Kiosks Exposed Room Access Codes

Self check-in kiosks at Ibis Budget hotels in Germany and other European countries may have been affected by a vulnerability that exposed keypad codes which could be used to enter rooms, Swiss IT security assessment firm Pentagrid said on Tuesday. The Ibis Budget brand is owned by French hospitality giant Accor. According to the company's website, there are 600 Ibis Budget hotels across 20 countries. READ MORE...

Exploits/Vulnerabilities

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

A critical SQL injection vulnerability in the LayerSlider plugin can be exploited to extract sensitive information from website databases, WordPress security firm Defiant warns. A WordPress slider plugin with more than one million active installations, LayerSlider provides users with visual web content editing, digital visual effects, and graphic design capabilities in a single solution. READ MORE...


XZ Utils Backdoor Attack Brings Another Similar Incident to Light

The recent discovery of the XZ Utils backdoor has reminded a developer of the F-Droid open source Android app repository of a similar incident that occurred a few years ago. In late March, PostgreSQL maintainer Andres Freund alerted the cybersecurity industry of a backdoor he had discovered in the Liblzma (XZ Utils) data compression library, which is widely used by developers and is present by default in several Linux distributions. READ MORE...

On This Date

  • ...in 1886, singer and actor Arthur "Dooley" Wilson, known for his rendition of "As Time Goes By" in the 1942 classic "Casablanca", is born in Tyler, TX.
  • ...in 1968, the Rev. Dr. Martin Luther King, Jr. delivers his final speech, to striking sanitation workers in Memphis, TN. King would be assassinated the following evening.
  • ...in 1973, the first mobile cellular phone call is placed by Motorola employee Martin Cooper in New York City, to Bell Labs in New Jersey.
  • ...in 1974, a "Super Outbreak" of 178 tornadoes sweeps through the Midwest and South, including over 100 in Ohio alone.