<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 6/14/2024


From Cadre's Experts

The Evolution and Future of Ransomware

The history of ransomware spans over 30 years. The first specimen, known as the AIDS Trojan, was delivered via physical media using the postal system, and, upon its discovery, was quickly remediated by the security industry. More recent examples have proven comparatively more devastating, most notably the Colonial Pipeline incident, which caused fuel shortages and widespread disruption to much of the US East Coast. READ MORE...


Panera warns of employee data breach after March ransomware attack

U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. The company and its franchises own 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 states in the U.S. and Ontario, Canada. In breach notification letters filed with the Office of California's Attorney General, Panera said it detected what it describes as a "security incident." READ MORE...

Truist Bank confirms breach after stolen data shows up on hacking forum

Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. Headquartered in Charlotte, North Carolina, Truist Bank was formed after SunTrust Banks and BB&T (Branch Banking and Trust Company) merged in December 2019. Now a top-10 commercial bank with total assets of $535 billion, Truist offers a wide range of banking services. READ MORE...


Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin

An alleged cog in the Conti and LockBit ransomware machines is now in handcuffs after Ukrainian police raided his home this week. The 28-year-old Kyivan's identity is being kept a secret for now, but he faces a potential maximum sentence of 15 years if found guilty of violating the Criminal Code of Ukraine relating to the abuse of computer systems. According to the authorities' description, the individual played a significant role in both the Conti and LockBit operations. READ MORE...

Software Updates

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

Rockwell Automation this week informed customers that it has patched three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software. The industrial automation giant has published individual advisories for each of these flaws, all of which were found internally by the company. One of them, CVE-2024-37368, has been described as a user authentication issue that can lead to information leakage. READ MORE...

Microsoft delays Recall again, won't debut it with new Copilot+ PCs after all

Microsoft will be delaying its controversial Recall feature again, according to an updated blog post by Windows and Devices VP Pavan Davuluri. And when the feature does return "in the coming weeks," Davuluri writes, it will be as a preview available to PCs in the Windows Insider Program, the same public testing and validation pipeline that all other Windows features usually go through before being released to the general populace. READ MORE...


Ukraine busts SIM farms targeting soldiers with spyware

Infrastructure that enabled two pro-Russia Ukraine residents to break into soldiers' devices and deploy spyware has been dismantled by the Security Service of Ukraine (SSU). Thousands of mobile numbers and Telegram accounts were being run by what Ukrainian authorities are calling bot farms, which look an awful lot like SIM farms from the images they shared, and abused by Russian intelligence services. READ MORE...


CISA Warns of Progress Telerik Vulnerability Exploitation

The US cybersecurity agency CISA on Thursday warned federal agencies of the ongoing exploitation of a recently patched authentication bypass vulnerability in Progress Software's Telerik Report Server. Disclosed in late May and tracked as CVE-2024-4358 (CVSS score of 9.8), the issue exists because, in version 2024 Q1 ( and earlier iterations of the reporting tool, the current installation setup was not properly validated. READ MORE...

On This Date

  • ...in 1777, the Continental Congress adopts "The Stars and Stripes" as the flag of the United States of America.
  • ...in 1900, Hawaii becomes a United States territory.
  • ...in 1942, Anne Frank begins writing in the diary she received for her 13th birthday.
  • ...in 1951, UNIVAC I, the first US-produced commercial computer, is dedicated by the US Census Bureau.