Stolen Microsoft key may have opened up a lot more than US govt email inboxes
A stolen Microsoft security key may have allowed Beijing-backed spies to break into a lot more than just Outlook and Exchange Online email accounts. Incredibly as it sounds, and it really does deserve wider coverage, someone somehow obtained one of Microsoft's internal private cryptographic keys used to digitally sign access tokens for its online services. With that key, the snoops were able to craft tokens to grant them access to Microsoft customers' email systems. READ MORE...
CISA warns govt agencies to patch Adobe ColdFusion servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two critical security flaws exploited in attacks, one of them as a zero-day. According to the binding operational directive (BOD 22-01) issued by CISA in November 2021, Federal Civilian Executive Branch Agencies (FCEB) are required to patch their systems against all bugs added to the Known Exploited Vulnerabilities (KEV) catalog. READ MORE...
Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo
Atlassian has released patches for two remote code execution (RCE) vulnerabilities in Confluence Data Center and Server and another in Bamboo Data Center. The most severe of these issues, tracked as CVE-2023-22508 (CVSS score of 8.5), was introduced in Confluence version 7.4.0. The second bug, tracked as CVE-2023-22505 (CVSS score of 8.0), was introduced in Confluence version 8.0.0. READ MORE...
OpenAI, Google will watermark AI-generated content to hinder deepfakes, misinfo
Seven companies-including OpenAI, Microsoft, Google, Meta, Amazon, Anthropic, and Inflection-have committed to developing tech to clearly watermark AI-generated content. That will help make it safer to share AI-generated content without misleading others about the authenticity of that content, the Biden administration hopes. It's currently unclear how the watermark will work, but it will likely be embedded in the content so that users can trace its origins to the AI tools used to generate it. READ MORE...
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1
Organizations that have yet to patch a 9.8-severity vulnerability in network devices made by Zyxel have emerged as public nuisance No. 1 as a sizable number of them continue to be exploited and wrangled into botnets that wage DDoS attacks. Zyxel patched the flaw on April 25. Five weeks later, Shadowserver, an organization that monitors Internet threats in real time, warned that many Zyxel firewalls and VPN servers had been compromised in attacks that showed no signs of stopping. READ MORE...
Netscaler ADC bug exploited to breach US critical infrastructure org
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. The Cybersecurity and Infrastructure Security Agency (CISA) says that the attack occurred in June and hackers used their access to steal Active Directory data. READ MORE...
- ...in 1911, American archeologist Hiram Bingham re-discovers the lost Incan citadel of Machu Picchu in the Peruvian mountains.
- ...in 1943, WWII's Operation Gomorrah begins, with UK and American bombers raiding Hamburg over the course of four months.
- ...in 1958, US Vice President Richard Nixon and Soviet Premier Nikita Khrushchev have their famous "Kitchen Debate" at the American National Exhibition in Moscow.
- ...in 1969, Apollo 11 splashes down safely in the Pacific Ocean. Two years later, Mission Commander Neil Armstrong becomes a professor at the University of Cincinnati.
