<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 9/25/2023

SHARE

Breaches

Air Canada discloses data breach of employee and 'certain records'

Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security incident this week in which hackers "briefly" obtained limited access to its internal systems. According to the airline, the incident resulted in the theft of a limited amount of personal information of some of its employees and "certain records." Customer data was not affected. READ MORE...


T-Mobile US exposes some customer data - but don't call it a breach

T-Mobile US has had another bad week on the infosec front - this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied. According to customers who complained of the issue on Reddit and X, the T-Mobile app was displaying other customers' data instead of their own - including the strangers' purchase history, credit card information, and address. READ MORE...

Hacking

Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware

A leading Egyptian opposition politician was targeted with spyware after announcing a presidential bid, security researchers reported Friday. They said Egyptian authorities were likely behind the attempted hack. Discovery of the attempt last week by researchers at Citizen Lab and Google's Threat Analysis Group prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the associated vulnerabilities. READ MORE...


Youth hacking ring at the center of cybercrime spree

Over the past two years, a string of prominent cybersecurity breaches all have one thing in common: the involvement of a small online community of primarily young people dedicated to carrying out brash incursions. A team of researchers who have studied these online communities described to CyberScoop how an online community calling itself "the Com" has carved out a key role for itself in the broader online criminal ecosystem. READ MORE...

Software Updates

Emergency update! Apple patches three zero-days

Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. The updates may already have reached you in your regular update routines, but it doesn't hurt to check if your device is at the latest update level. If a Safari update is available for your device, you can get it by updating your iPhone or iPad or updating your Mac. READ MORE...

Malware

New stealthy and modular Deadglyph malware used in govt attacks

A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East. The Deadglyph malware is attributed to the Stealth Falcon APT (aka Project Raven or FruityArmor), a state-sponsored hacking group from the United Arab Emirates (UAE). The hacking group has been known for targeting activists, journalists, and dissidents for almost a decade. READ MORE...

Information Security

CISA urges use of memory safe code in software development

The Cybersecurity and Infrastructure Security Agency is urging the software industry to embrace the use of memory safe programming languages as part of a wider effort to eliminate security vulnerabilities in code. CISA called for the changes alongside a push to embrace secure-by-design practices during the software development stage and to increase the security of open source software. READ MORE...


LastPass: 'Horse Gone Barn Bolted' is Strong Password

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. READ MORE...

On This Date

  • ...in 1911, ground is broken in Boston, MA for Fenway Park.
  • ...in 1930, writer and illustrator Shel Silverstein ("The Giving Tree", "Where the Sidewalk Ends") is born in Chicago, IL.
  • ...in 1951, actor Mark Hamill, best known as Luke Skywalker in "Star Wars", as well as voicing the Joker in multiple Batman films/series/video games, is born in Oakland, CA.
  • ...in 1956, TAT-1, the first transatlantic telephone cable system is inaugurated, stretching between Scotland and Newfoundland.