Ukraine cyber head suspended, LG TV vulns, Microsoft exposed passwords
Ukraine’s head of cybersecurity suspended and assigned to combat zone
The head of the cybersecurity department of the Security Service of Ukraine (SSU), Illia Vitiuk, has been suspended pending an investigation into potential tax reporting discrepancies. Investigative journalists published a report stating that Vitiuk under-reported the value of an apartment purchased by his wife by about UAH 7.2 million in his tax declaration. For the duration of the investigation, the SSU has assigned Vitiuk to serve in a combat zone to directly defend against Russian forces.
(MSN)
Over 90,000 LG Smart TVs exposed to remote attacks
Security researchers have discovered four vulnerabilities impacting multiple versions of the operating system used in LG smart TVs. The flaws in LG’s WebOS enable authorization bypass, privilege escalation, and command injection. Exploiting these flaws could allow a threat actor to take control of services on the device, pivot to more sensitive devices connected to the same network, or enlist devices into malware botnets or cryptomining schemes. Shodan internet scans have identified 91,000 exposed and potentially vulnerable devices. Though LG TVs alert users when important WebOS updates are available, those can be postponed indefinitely. Users should apply updates by going to the TV’s Settings > Support > Software Update, and selecting “Check for Update.”
(Bleeping Computer and Dark Reading)
Microsoft exposed internal passwords in security lapse
On February 6th, security researchers notified Microsoft that they discovered an unsecured Azure cloud storage server. The server contained info relating to Microsoft’s Bing search engine as well as code, scripts and configuration files containing passwords, keys and credentials used by Microsoft employees for accessing other internal databases and systems. The storage server was not protected with a password and could be accessed by virtually anyone on the internet. Microsoft secured the exposed files on March 5 but did not say whether it had reset or changed any of the exposed internal credentials. It’s also unclear how long the cloud server was exposed to the internet.
(TechCrunch)
Ransomware gang stole health data of 533,000 people
Non-profit healthcare provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) disclosed Tuesday that it suffered a ransomware attack back in January. The BlackSuit ransomware gang stole personal info of over half a million (533,809) individuals including names, addresses, telephone numbers, e-mail addresses, dates of birth and deaths, social security numbers, and insurance numbers. However, the attackers were unable to encrypt the compromised devices, which the company took offline upon detecting the unauthorized access. BlackSuit claimed the attack in March and said they also swiped patients’ financial information, employees’ data, business contracts, and email correspondence. BlackSuit is believed to be a rebrand of the Royal ransomware gang, the direct successor of the notorious Conti cybercrime group.
Google Workspace to use AI for data security
Google announced a significant upgrade to its Workspace platform, integrating Artificial Intelligence (AI) technology to enhance its meeting experience and to bolster data security. The platform now claims to reduce spam by 20% and to respond 90% faster to phishing-related complaints, leading to improved protection of files stored in Google Drive. Administrators also gain new capabilities, including the ability to classify sensitive documents and files using AI-powered data leak prevention controls. The bolstered security features have also brought some user complaints that legitimate emails are being incorrectly diverted to spam folders.
Hackers using infected devices to hunt for vulnerabilities
Vulnerability scanning has long been a key reconnaissance step for malicious actors looking to deploy cyber-attacks. However, researchers at Palo Alto Networks Unit 42 say that in 2023 a growing number of threat actors conducted their vulnerability scanning activity from previously compromised devices. The researchers identified vulnerability scanning clusters targeting vulnerabilities in commodity products such as Ivanti’s Connect Secure and Policy Secure solutions and Progress’ MOVEit Transfer. This malware-based vulnerability scanning tactic allows threat actors to better cover their tracks by bypassing geofencing and to scale their operations by generating higher scan volumes using compromised devices.
You should probably patch that (Patch Tuesday edition)
Yesterday, Microsoft released its April 2024 Patch Tuesday security updates to fix 147 flaws, the largest volume of bugs addressed in a single month since 2017. Just three vulnerabilities were classified as critical. However, Microsoft initially failed to mark two flaws as zero-days, even though they were being actively exploited. Sophos and Trend Micro shared exploit details for the two flaws, one a Proxy Driver Spoofing Vulnerability (CVE-2024-26234) and the other a SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988).
There were also over sixty-seven remote code execution bugs addressed, more than half of which were found within Microsoft SQL drivers.
Meanwhile, Adobe issued its own security fixes, calling attention to a pair of critical-severity code execution bugs in Adobe Commerce and Magento Open Source. Adobe also fixed a critical code execution bug in its Media Encoder for both Windows and macOS. Adobe said it is not aware of in-the-wild exploitation of these bugs, or any others it addressed across its products this month.
(Bleeping Computer [1][2] and Dark Reading and Krebs on Security and SecurityWeek [1][2])
Cyber training initiative taps talents of blind and visually impaired
An ambitious, visually impaired cybersecurity professional named David Mayne has partnered with an organization called Envision to help other aspiring cyber professionals who are blind or visually impaired (BVI). According to Envision, 70% of people who experience low vision are unemployed. With support from his Wichita, KS-based employer (Novacoast), Mayne developed the Apex Program, an online, on-demand course to prepare BVI students for certification exams including CompTIA’s Network+ or Security+. Once certified, Apex also helps enrollees find work. One of the first graduates recently joined Novacoast as a SOC Analyst. Twenty-five students have enrolled in the program since its inception in May 2023 and Mayne is hoping for 100 new enrollees this year. The current program is offered at no cost thanks to state grants. So far, 16 states have partnered with the Apex Program, with Florida and Texas expected to join this year.
(Dark Reading)