IT Security Newsletter - 5/10/2023

Top News

FBI disrupts sophisticated Russian cyberespionage operation

One of the Russian government's most sophisticated long-running cyberespionage operations was hacked and disrupted by the FBI as part of a sprawling international effort, officials with the U.S. government announced Tuesday. The FBI operation dubbed "Medusa" targeted nearly 20-year-old malware operated by Turla, a unit within the Federal Security Service of the Russian Federation, which has been known for years as one of Russia's premier cyberespionage outfits. READ MORE...


Microsoft Patch Tuesday, May 2023 Edition

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks. First up in May's zero-day flaws is CVE-2023-29336, which is an "elevation of privilege" weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. READ MORE...

Breaches

Low-level motherboard security keys leaked in MSI breach, claim researchers

About a month ago, we wrote about a data breach notification issued by major motherboard manufacturer MSI. The company said: MSI recently suffered a cyberattack on part of its information systems. […] Currently, the affected systems have gradually resumed normal operations, with no significant impact on financial business. […] MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website. READ MORE...


Brightline breach hits at least 964,000 people, US records show

A pediatric behavioral health startup called Brightline informed its customers that their protected health data may have been stolen as part of a separate ransomware attack on a Brightline third-party service provider. "Based on the investigation, we identified a limited amount of protected health information/personal information in the files that the unauthorized party acquired," wrote Brightline in its public notice online. READ MORE...


Food distribution giant Sysco warns of data breach after cyberattack

Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. In an internal memo sent to employees on May 3rd and seen by BleepingComputer, the company revealed that customer and supplier data in the U.S. and Canada, as well as personal information belonging to U.S. employees, may have been impacted in the incident. READ MORE...

Software Updates

ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities

Siemens and Schneider Electric's Patch Tuesday advisories for May 2023 address a few dozen vulnerabilities found in their products. Siemens has published six new advisories describing 26 vulnerabilities. The company has informed customers about two critical flaws in Siveillance Video products that can be exploited for authenticated remote code execution. Schneider Electric has published four new advisories that describe half a dozen vulnerabilities. READ MORE...


Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Chipmakers Intel and AMD both released security advisories this Patch Tuesday. They have informed customers about a total of more than 100 vulnerabilities found in their products. Intel has released 38 advisories covering over 80 vulnerabilities. The company has addressed nearly two dozen issues rated 'high severity.' AMD published two Patch Tuesday advisories: one describing 19 client vulnerabilities, and one covering 14 server vulnerabilities. READ MORE...


SAP Patches Critical Vulnerabilities With May 2023 Security Updates

German enterprise software maker SAP this week announced the release of 18 new security notes on its May 2023 Security Patch Day, including two 'hot news' notes that deal with critical vulnerabilities. One of the hot news notes resolves five vulnerabilities in the Reprise License Manager (RLM) 14.2 component of SAP 3D Visual Enterprise License Manager. READ MORE...

Exploits/Vulnerabilities

Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix

May's Patch Tuesday brings some good and some bad news, and if you're a glass-half-full type, you'd lead off with Microsoft's relatively low number of security fixes: a mere 38. Your humble vulture, however, is a glass-half-empty-and-who-the-hell-drank-my-whiskey kind of bird, so instead of looking on the bright side, we're looking at the two Microsoft bugs that have already been found and exploited by miscreants. Plus a third vulnerability, which has been publicly disclosed. We'd suggest patching these three stat. READ MORE...


56,000+ cloud-based apps at risk of malware exfiltration

The technology sector had the highest number of malware-infected employees, most exposed corporate credentials and the majority of all stolen cookies, according to SpyCloud. Drawing on SpyCloud's database of 400+ billion recaptured assets from the criminal underground, researchers analyzed 2.27 billion exposed dark web assets (including 423.28 million personally identifiable information (PII) assets) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees' email addresses. READ MORE...

On This Date

  • ...in 1869, a ceremonial golden spike is driven to connect the Central Pacific and Union Pacific railroads, officially dedicating the First Transcontinental Railroad.
  • ...in 1899, classic Hollywood dancer and singer Fred Astaire is born in Omaha, NE.
  • ...in 1962, Marvel Comics publishes the first issue of "The Incredible Hulk."
  • ...in 1994, Nelson Mandela is inaugurated as South Africa's first Black president.