A look at new cybersecurity products, breaches, cybersecurity legislation, and other news that matters to cybersecurity professionals.
Breaches, Leaks, and Hacks
Minnesota school district cancels classes for 42 schools after alleged cyberattack
By Jonathan Greig - TheRecord
A public school system in Rochester, Minnesota announced this weekend that it was canceling classes on Monday for all 42 schools it operates after it was hit by a suspected cyberattack that began late last week.
Rogue QuickBooks, PayPal accounts used in novel phishing attacks
By Steve Zurier - SC Media
Hackers are signing up for QuickBooks and PayPal accounts for free and sending thousands of false invoices with phony phone numbers to mid-level managers and purchasing people as well as attacking small businesses. And it's working.
SD Worx shuts down UK payroll, HR services after cyberattack
By Lawrence Abrams - BleepingComputer
Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services.
Western Digital struggles to fix massive My Cloud outage, offers workaround
By Steve Zurier - SC Media
On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files.
MSI confirms security breach following ransomware attack claims
By Sergiu Gatlan - BleepingComputer
Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed that its network was breached in a cyberattack.
Cybercriminals Exploit CAN Injection Hack to Steal Cars
By WAQAS - HACKREAD
If it is connected, it is vulnerable; in this case, a Toyota RAV4 model was stolen within two minutes.
Uber Drivers' Data Exposed in Breach of Law Firm's Servers
By Alessandro Mascellino - InfosecurityMagazine
A mid-sized law firm representing Uber has notified an unknown number of its drivers that sensitive data has been exposed and stolen due to a cyber-attack. New Jersey-based Genova Burns disclosed the breach in an email to customers first obtained by The Register.
Patches, Security Updates, and Fixes
Apple fixes two zero-days exploited to hack iPhones and Macs
By Sergiu Gatlan - BleepingComputer
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.
More Coverage: NakedSecurity by Sophos
Popular server-side JavaScript security sandbox “vm2” patches remote execution hole
By Paul Ducklin - NakedSecurity by Sophos
Update vm2 if you use (or are responsible for building) any products that depend on this package.
Government Cybersecurity News
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CVE-2021-27876 Veritas Backup Exec Agent File Access Vulnerability
CVE-2021-27877 Veritas Backup Exec Agent Improper Authentication Vulnerability
CVE-2021-27878 Veritas Backup Exec Agent Command Execution Vulnerability
CVE-2019-1388 Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
CVE-2023-26083 Arm Mali GPU Kernel Driver Information Disclosure Vulnerability
Biden remarks AI ‘could be’ dangerous and needs safety guardrails
By Stephen Weigand - SC Media
Biden said AI needs built-in protections to ensure the rights and privacy of Americans. The comments were made on Tuesday in a meeting with the President’s Council of Advisors on Science and Technology.
CISA orders agencies to patch Backup Exec bugs used by ransomware gang
By Ionut Ilascu - BleepingComputer
On Friday, U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware.
CISA warns of critical flaws in ICS and SCADA software from multiple vendors
By Lucian Constantin - CSOOnline
The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors.
Pressure mounts to create Cyber Force under U.S. DOD
By SC Staff - SC Media
Defense technology experts and veterans have increased calls for the establishment of a new Cyber Force branch under the U.S. Department of Defense, focused solely on maintaining national cybersecurity and readiness against online threats from adversaries including Russia and China, according to The Register.
Cybersecurity Research
Researcher Tricks ChatGPT Into Building Undetectable Steganography Malware
By Jai Vijayan - DarkReading
Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
Almost Half of Former Employees Say Their Passwords Still Work
By DarkReading Staff - DarkReading
An alarming number of organizations are not properly offboarding employees when they leave, especially in regard to passwords. In a March PasswordManager.com survey of 1,000 U.S. workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.
Two-Fifths of IT Pros Told to Keep Breaches Quiet
By Phil Muncaster - InfosecurityMagazine
Over two-fifths (42%) of IT professionals have been told to keep a security breach under wraps, potentially inflaming regulatory compliance risk, according to a new study from Bitdefender.
