<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 8/26/2021

SHARE

Top News

Microsoft: ProxyShell bugs "might be exploited," patch servers now!

Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions. ProxyShell is a collection of three security flaws (patched in April and May) discovered by Devcore security researcher Orange Tsai, who exploited them to compromise a Microsoft Exchange server during the Pwn2Own 2021 hacking contest. READ MORE...

Breaches

"Sophisticated" Cyber-Attack Compromises Patient Data at Private Health Clinic

Personal and clinical data of more than 73,000 patients have been affected by a "sophisticated ransomware cyber-attack" on a private medical clinic in Singapore. In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients' names, addresses, ID card numbers, contact details and clinical information. However, no credit card or bank account details were accessed or compromised in the incident. READ MORE...


Hack Exposes Personal Data of Entire Swiss Town: Report

A small Swiss town acknowledged late Wednesday that it had underestimated the severity of a cyberattack, following reports the personal data of the entire population was exposed online. The small, picturesque town of Rolle, on the shores of Lake Geneva, acknowledged last week that it had been the victim of ransomware attack, and that data on some administrative servers had been compromised. READ MORE...

Hacking

US Media, Retailers Targeted by New SparklingGoblin APT

An emerging international cybergang is broadening its targets to include North American media firms, universities and one computer retailer. The advanced persistent threat (APT) group is new, according to researchers who dubbed it SparklingGoblin. Also new is a novel backdoor technique, called SideWalk, used by the APT to penetrate cybersecurity defenses. READ MORE...

Exploits/Vulnerabilities

Critical F5 BIG-IP bug impacts customers in sensitive sectors

BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. The issues are part of this month's delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices. Of the thirteen high-severity flaws that F5 fixed, one could lead to complete system compromise. READ MORE...


Win10 Admin Rights Tossed Off by Yet Another Plug-In

It's not just Razer's mice and keyboards that gobble up Windows 10's tip-top, admin-level SYSTEM privileges: A SteelSeries bug also tosses off Windows 10 admin rights if you just plug in a device. … Or, then again, you can save yourself some cash by simply tricking an Android phone into thinking a local privilege-escalation (LPE) testing script is a real human. READ MORE...

On This Date

  • ...in 1920, the 19th Amendent is formally adopted into the U.S. Constitution, guaranteeing the right of women to vote.
  • ...in 1939, the Brooklyn Dodgers hosted the Cincinnati Reds in the first televised baseball game.
  • ...in 1952, puzzle creator and New York Times crossword editor Will Shortz is born in Crawfordsville, IN.
  • ...in 1957, the Ford Motor Company rolls out the first Edsel. It will be discontinued three years later.