IT Security Newsletter

IT Security Newsletter - 9/6/2023

Written by Cadre | Wed, Sep 6, 2023

4 Okta customers hit by campaign that gave attackers super admin control

Authentication service Okta said four of its customers have been hit in a recent social-engineering campaign that allowed hackers to gain control of super administrator accounts and from there weaken or entirely remove two-factor authentication protecting accounts from unauthorized access. The Okta super administrator accounts are assigned to users with the highest permissions inside an organization using Okta's service. READ MORE...

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. READ MORE...

Coffee Meets Bagel says recent outage caused by destructive cyberattack

The Coffee Meets Bagel dating platform confirms last week's outage was caused by hackers breaching the company's systems and deleting company data. The dating platform says they are geared towards users looking for a serious relationship rather than casual dating. Last week, Coffee Meets Bagel (CMB) suffered a worldwide outage, with users upset that they could not coordinate planned dates or continue communicating with their matches. READ MORE...

Atlas VPN zero-day allows sites to discover users' IP address

Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users' real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several days ago by the person who discovered the flaw and purportedly first tried to privately share the discovery with Atlas VPN. Atlas VPN offers VPN solution that changes users' IP address and encrypts their online connections. READ MORE...

Researchers Discover Critical Vulnerability in PHPFusion CMS

Security researchers have discovered what they described as a critical vulnerability in the relatively widely used PHPFusion open source content management system (CMS). The authenticated local file inclusion flaw, identified as CVE-2023-2453, allows for remote code execution if an attacker can upload a maliciously crafted ".php" file to a known path on a target system. It is one of two vulnerabilities that researchers at Synopsys discovered recently in PHPFusion. READ MORE...

ASUS routers vulnerable to critical remote code execution flaws

Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed. These three WiFi routers are popular high-end models within the consumer networking market, currently available on the ASUS website, favored by gamers and users with demanding performance needs. READ MORE...

  • ...in 1901. anarchist Leon Czolgosz shoots and fatally wounds US President William McKinley at the Pan-American Exposition in Buffalo, NY.
  • ...in 1916, the first Piggly Wiggly store opens in Memphis, TN. It was the first self-service grocery chain.
  • ...in 1972, English actor Idris Elba ("The Wire", "Pacific Rim") is born in London, England.
  • ...in 1991, Russia's second largest city changes its name back to Saint Petersburg, after 67 years as Leningrad.