<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 6/28/2024

SHARE

Top News

'Skeleton Key' attack unlocks the worst of AI, says Microsoft

Microsoft on Thursday published details about Skeleton Key - a technique that bypasses the guardrails used by makers of AI models to prevent their generative chatbots from creating harmful content. As of May, Skeleton Key could be used to coax an AI model into explaining how to make (for example) a Molotov cocktail. The recipe for this not exactly a well-kept secret, but AI companies have insisted they're working to suppress harmful content buried within AI training data. READ MORE...


U.S. indicts Russian GRU hacker, offers $10 million reward

The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency prior to invading the country. The announcement from the Department of Justice (DoJ) says that in January 2022 Stigal and members of the GRU used a U.S.-based company to distribute the WhisperGate pseudo-ransomware to systems at dozens of Ukrainian government entities to destroy data. READ MORE...

Breaches

Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack

Ann & Robert H. Lurie Children's Hospital of Chicago is informing hundreds of thousands of individuals that their personal and health information has been compromised as a result of a ransomware attack. The children's hospital took many of its systems offline in late January in response to a cyberattack. The incident resulted in limited access to medical records, disruptions to a patient portal, and hampered communications. READ MORE...


Authenticator for X, TikTok Exposes Personal User Info for 18 Months

Swaths of personal data and documents belonging to users of the world's most popular apps have been exposed online for well over a year now, and may have leaked to cybercriminals a while ago. The company responsible for the leak, AU10TIX, is based in a suburb of Tel Aviv and specializes in identity verification via personal documents, biometrics, and more. Its customers include major companies like X, TikTok, LinkedIn, Coinbase, eToro, PayPal, Fiverr, Upwork, Bumble, Uber, and others. READ MORE...

Hacking

TeamViewer's corporate network was breached in alleged APT hack

The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. "On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer's internal corporate IT environment," TeamViewer said in a post to its Trust Center. "We immediately activated our response team and procedures." READ MORE...

Software Updates

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

Fortra this week announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow that could allow attackers to create administrative user accounts. Tracked as CVE-2024-5276 (CVSS score of 9.8) and affecting FileCatalyst Workflow version 5.1.6 Build 135 and earlier, the issue could also be exploited to modify application data, Fortra noted in an advisory. READ MORE...

Information Security

CDK restores service for small group of car dealers

The majority of CDK Global's car dealership customers are still operating without critical services in the wake of fallout from a cyberattack, which has had consequences extending into a second week. CDK Global said it's making progress recovering, but services won't be restored for all of its customers until June 30, according to an automated voice message service it set up to provide updates to customers. READ MORE...

Exploits/Vulnerabilities

Memory-unsafe code runs rampant in critical open-source projects

Just over half of critical open source projects are written in code using memory-unsafe languages, the FBI and Cybersecurity and Infrastructure Security Agency said in a report released Wednesday. The largest projects are disproportionately reliant on memory-unsafe languages, the agencies found. The report analyzed a total of 172 critical projects from the Open Source Security Foundation's Critical Projects Working Group. READ MORE...

On This Date

  • ...in 1846, Belgian inventor and musician Adolphe Sax patents the saxophone.
  • ...in 1914, Archduke Franz Ferdinand of Austria and his wife Sophie are assassinated by Yugoslavian nationalist Gavrilo Princip, sparking the events leading to World War I.
  • ...in 1926, film director and comedy legend Mel Brooks ("Blazing Saddles", "Young Frankenstein") is born in Brooklyn, New York.
  • ...in 1946, comedian and original 'Saturday Night Live" cast member Gilda Radner is born in Detroit, MI.