IT Security Newsletter - 9/11/2024
Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including three actively exploited and one publicly disclosed zero-days. This Patch Tuesday fixed seven critical vulnerabilities, which were either remote code execution or elevation of privileges flaws. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5043076 cumulative update and Windows 10 KB5043064 update.
Intel Informs Customers About Over a Dozen Processor Vulnerabilities
Intel on Tuesday published security advisories to inform customers about more than 20 vulnerabilities found in processors and other products. The chip giant has published four new advisories. One of them covers 11 vulnerabilities affecting the UEFI firmware for some server, workstation, mobile and embedded processors, including Atom, Xeon, Pentium, Celeron, and Core series products.
Chinese hackers linked to cybercrime syndicate arrested in Singapore
Six Chinese nationals and a Singaporean were arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." During raids on Monday, the police arrested six of the men and seized electronic devices with hacking tools installed and ready for carrying out cyberattacks, stolen personally identifiable information (PII), and credentials for servers known to be controlled by known hacker groups.
Rogue WHOIS server gives researcher superpowers no one should ever have
It's not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers, all in a single blow that cost only $20 and a few minutes to land. But that's exactly what happened recently to Benjamin Harris. Harris, the CEO and founder of security firm watchTowr, did all of this by registering the domain dotmobilregistry.net.
DockerSpy: Search for images on Docker Hub, extract sensitive information
DockerSpy scans Docker Hub for images and retrieves sensitive information, including authentication secrets, private keys, and other confidential data. DockerSpy was created to address the growing concern of sensitive data leaks within Docker images, especially those publicly available on DockerHub. Many developers unknowingly publish images containing secrets such as API keys, credentials, or other sensitive information.
'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks
Attackers are weaponizing an "ancient" version of Microsoft Word in a recent wave of attacks on Taiwanese drone makers that's delivering malware aimed at cyber espionage and disrupting the military- and satellite-related industrial supply chains. Researchers from the Acronis Threat Research Unit have discovered an attack they've dubbed "WordDrone" that uses a dynamic link library (DLL) side-loading technique common in the installation process of Microsoft Word.
Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens
A newly devised covert channel attack method could undermine diligently devised air gaps at highly sensitive organizations. In industrial control systems security, the term "air gap" is contested. It typically describes a total physical separation between networks - a literal gap through which no Wi-Fi signals, wires, etc., can pass. The most critical military, government, and industrial sites use air gaps to prevent Internet-based cyber threats from penetrating networks.
- ...in 1789, Alexander Hamilton is appointed the first United States Secretary of the Treasury.
- ...in 1941, ground is broken for the construction of the Pentagon.
- ...in 1985, Pete Rose becomes the all-time MLB hits leader after getting his 4192nd hit.
- ...in 2001, agents of the al-Qaeda terrorist group hijack and crash three commercial airliners into the World Trade Center and Pentagon in a coordinated set of attacks.