
IT Security Newsletter - 5/1/2023

Top News

Sensitive data is being leaked from servers running Salesforce software

Servers running software sold by Salesforce are leaking sensitive data managed by government agencies, banks, and other organizations, according to a post published Friday by KrebsOnSecurity. At least five separate sites run by the state of Vermont permitted access to sensitive data to anyone, Brian Krebs reported. The state's Pandemic Unemployment Assistance program was among those affected.

Breaches

Hackers leak images to taunt Western Digital's cyberattack response

The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "cannot stand anymore" if a ransom was not paid.

Hacking

Hackers use fake 'Windows Update' guides to target Ukrainian govt

The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian hackers are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks. CERT-UA believes that the Russian state-sponsored hacking group APT28 (aka Fancy Bear) sent these emails and impersonated system administrators of the targeted government entities to make it easier to trick their targets.

Software Updates

Update now: Critical flaw in VMWare Fusion and VMWare Workstation

Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 2023 Pwn2Own contest. Three have been given the severity rating "Important", while the last (CVE-2023-20869) is classed as "Critical". All four issues can be addressed by updating to the latest version of the affected software. At the time of writing these are VMware Fusion 13.0.2 and VMware Workstation 17.0.2.

Malware

Minecraft clones stealthily load ads on millions of Android devices

Boffins at McAfee have identified 38 Android apps in the Google Play store that unashamedly rip off the ever-popular gaming sensation Minecraft, but are actually designed to stealthily earn advertising revenue. The apps, which McAfee detects as Android/HiddenAds.BJL, load adverts in the background without the user's knowledge, and are estimated to have been downloaded some 35 million times onto Android devices.


Mac malware-for-hire steals passwords and cryptocoins, sends "crime logs" via Telegram

Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this "service" (and in this context, we don't mean that word in any sort of positive sense!) is that it was specifically built to help would-be cybercriminals target Mac users.

Information Security

Reigning in 'Out-of-Control' Devices

Endpoint detection and response (EDR) has demonstrated clear value in protecting endpoints, and in many ways provides unique visibility into local processes. However, customers and prospects tell us their percentage of EDR coverage on endpoints is in the range of 60-70%. In other words, 40-30% of devices are out of their control. Not only are we blind to many devices currently connected to our networks and new devices being added every day, but also what these devices are doing.

Exploits/Vulnerabilities

Cisco Working on Patch for Vulnerability Reported by NATO Pentester

Cisco informed customers this week that it's working on a patch for a vulnerability found in the company's Prime Collaboration Deployment product by a member of NATO's Cyber Security Centre (NCSC). Prime Collaboration Deployment is a tool designed to assist in the management of Unified Communications (UC) applications. The security hole, identified as CVE-2023-20060, is a cross-site scripting (XSS) issue affecting the product's web-based management interface.

On This Date

  • ...in 1893, the World's Columbian Exposition opens in Chicago, with such attractions as the original Ferris Wheel and the first moving walkway.
  • ...in 1930, the dwarf planet Pluto is officially named, based on a suggestion from an English schoolgirl, Venetia Burney.
  • ...in 1931, the Empire State Building is dedicated in New York City. It remains the world's tallest building for nearly 40 years.
  • ...in 1960, an American U-2 spy plane piloted by Gary Francis Powers is shot down while conducting espionage over the Soviet Union.
  • ...in 1999, the cartoon series "SpongeBob SquarePants", created by former marine biologist Stephen Hillenburg, premieres on Nickelodeon.