IT Security Newsletter

IT Security Newsletter - 9/12/2024

Written by Cadre | Thu, Sep 12, 2024

Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

Pennsylvania healthcare provider Lehigh Valley Health Network (LVHN) has reached a $65 million settlement in a class-action suit filed over a 2023 data breach. LVHN disclosed the incident in late February 2023, revealing that the attackers had access to its network beginning early January, that ransomware was deployed in early February, and that data was stolen from its network, mainly impacting Lehigh Valley Physician Group (LVPG) - Delta Medix.

Palo Alto Networks Patches Dozens of Vulnerabilities

Palo Alto Networks on Wednesday informed customers about the availability of patches for dozens of vulnerabilities affecting its PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser products. Based on its severity rating of 'high', the most important advisory describes CVE-2024-8686, a PAN-OS command injection vulnerability that allows an authenticated attacker with admin privileges to bypass system restrictions and run arbitrary commands on the firewall as root.

WordPress.org to require two-factor authentication for plugin developers

Developers rejoice: WordPress.org will be beefing up default security practices by requiring accounts to enable two-factor authentication if they have direct access to the codebases that power plugins and themes. The move, which will take effect Oct. 1, is aimed at preventing hijacked developer accounts from spreading malicious code to the likely hundreds of millions of sites using the free blogging software, the organization announced.

Fake password manager coding test used to hack Python developers

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test projects for password management products that include malware. The attacks are part of the 'VMConnect campaign' first detected in August 2023, where the threat actors targeted software developers with malicious Python packages uploaded onto the PyPI repository.

Amateurish 'CosmicBeetle' Ransomware Stings SMBs in Turkey

A cybercriminal group - or individual - known as "CosmicBeetle" is exploiting vulnerabilities in technologies used by small businesses in Turkey, as well as Spain, India, and South Africa. The goal is to install ransomware that - unfortunately for victims - sometimes has glitches. Likely based in Turkey, the ransomware attacker operates at a fairly "low level of sophistication" and is currently developing ransomware that demonstrates a "rather chaotic encryption scheme."

About that Windows Installer 'make me admin' security hole. Here's how it's exploited

In this week's Patch Tuesday Microsoft alerted users to, among other vulnerabilities, a flaw in Windows Installer that can be exploited by malware or a rogue user to gain SYSTEM-level privileges to hijack a PC. The vulnerability, CVE-2024-38014, was spotted and privately disclosed by security shop SEC Consult, which has now shared the full details of how this attack works. The researcher has released an open source tool to scan a system for Installer files that can be abused.

Adobe fixes Acrobat Reader zero-day with public PoC exploit

A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. The flaw is tracked as CVE-2024-41869 and is a critical use after free vulnerability that could lead to remote code execution when opening a specially crafted PDF document. A "use after free" bug is when a program tries to access data in a memory location that has already been freed or released.

As quantum computing threats loom, Microsoft updates its core crypto library

Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handling cryptographic functions in Windows and Linux. The library, started in 2006, provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create. The library supports federal certification requirements for cryptographic modules used in some governmental environments.

  • ...in 1914, character actor Desmond Llewelyn, best known as MI6 quartermaster "Q" in seventeen of the James Bond films, is born in Monmouthshire, Wales.
  • ...in 1931, legendary country music singer George Jones is born in Saratoga, TX.
  • ...in 1933, Hungarian-born physicist Leo Szilard has an epiphany while crossing a rainy London street, leading him to first conceive of the nuclear chain reaction.
  • ...in 1952, drummer/lyricist Neil Peart of Canadian rock group Rush is born in Hamilton, Ontario.
  • ...in 1959, Bonanza premieres as the first regularly scheduled color TV program.