IT Security Newsletter - 6/13/2024
Pure Storage comes forward as an early victim of Snowflake-linked attacks
Pure Storage confirmed an attacker gained access to its Snowflake environment, which contained telemetry data it uses for customer support services, the company said Tuesday in a security bulletin. "Telemetry information cannot be used to gain unauthorized access to customer systems," the data storage hardware and software vendor said. Information exposed by the attack includes company names, lightweight directory access protocol usernames, email addresses, etc. READ MORE...
White House report dishes deets on all 11 major government breaches from 2023
The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year (YoY) in 2023 to a total of 32,211, per a new White House report, which also spilled the details on the most serious incidents suffered across the government. Of the total number of incidents, the majority (38 percent) were classed as "improper usage," meaning a system was used in a way that violated the agency's acceptable use policies. READ MORE...
Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that enables applications to open Windows Explorer to perform searches using specific parameters. While most Windows searches will look at the local device's index, it is also possible to force Windows Search to query file shares on remote hosts. READ MORE...
Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense
A Pakistani threat actor has been spying on Indian government-associated entities for at least six years now. A new report from Cisco Talos has collated years of cyber espionage by a group it calls "Cosmic Leopard," under the umbrella title "Operation Celestial Force." The Pakistan-based Cosmic Leopard overlaps with but as yet remains distinct from the threat actor known as Transparent Tribe. Cosmic Leopard's attacks focus on espionage and surveillance of India's government and defense sectors READ MORE...
Nvidia Patches High-Severity Flaws in GPU Drivers
Nvidia has issued 10 security alerts detailing vulnerabilities in the company's GPU drivers and virtualization software. The vulnerabilities, if successfully exploited, could allow attackers to steal or tamper with data, execute arbitrary code, or take control of programs, the company said. Considering Nvidia's growing prominence in artificial intelligence (AI) data centers, these attacks could cause significant damage. The company also patched the vGPU virtualization software stack. READ MORE...
Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day
A known ransomware group may have exploited a recently patched Windows privilege escalation vulnerability before Microsoft released a fix, Symantec reported on Wednesday. The flaw in question, tracked as CVE-2024-26169 and classified as 'important', has been described as a Windows error reporting service privilege escalation vulnerability that can allow an attacker to obtain System privileges. READ MORE...
SolarWinds file-transfer vulnerability ripe for exploitation, researchers warn
Researchers have reproduced a high-severity vulnerability in the SolarWinds Serv-U file-transfer service that is incredibly easy to exploit, according to a blog post from Stephen Fewer, principal security researcher at Rapid7. Companies should immediately patch the vulnerability, Fewer said Tuesday. The directory traversal vulnerability, listed as CVE-2024-28995, allows an unauthenticated attacker to read sensitive files on the targeted server. The vulnerability has a CVSS score of 8.6. READ MORE...
Update now! Google Pixel vulnerability is under active exploitation
Google has notified Pixel users about an actively exploited vulnerability in their phones' firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability, Google said there are indications it may be under limited, targeted exploitation. This could mean that the discovered attacks were very targeted, for example by state-sponsored actors or spyware. READ MORE...
- ...in 1966, Miranda rights are established by the Supreme Court, in their decision regarding Miranda v. Arizona.
- ...in 1970, The Beatles release their last #1 single, "The Long and Winding Road" from the "Let It Be" album.
- ...in 1971, the New York Times publishes The Pentagon Papers, revealing that the Vietnam War had been secretly expanded into Cambodia and Laos.
- ...in 1991, the volcanic Mt. Pinatubo in the Philippines begins to erupt for the first time in over 500 years, causing evacuations of a 40 km area near Manila.