CyberSecurity Updates

14 Sep

A Second Major British Police Force Suffers a Cyberattack in Less Than a Month

Data Breaches, Information, News

Personal details of thousands of police officers and staff from Greater Manchester Police have been hacked from a company that makes identity cards, the second such cyberattack to affect a major British police force in less than a month. Details on identity badges and warrant cards, including names, photos and identity numbers or police collar numbers, were stolen in the ransomware attack, Greater Manchester Police said Thursday. The third-party supplier was not identified. The force…

Read More
13 Sep

Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington

Information, News

The nation’s biggest technology executives on Wednesday loosely endorsed the idea of government regulations for artificial intelligence at an unusual closed-door meeting in the U.S. Senate. But there is little consensus on what regulation would look like, and the political path for legislation is difficult. Senate Majority Leader Chuck Schumer, who organized the private forum on Capitol Hill as part of a push to legislate artificial intelligence, said he asked everyone in the room —…

Read More
13 Sep

FBI Hacker Dropped Stolen Airbus Data on 9/11

Data Breaches, Information, Insights

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while…

Read More
13 Sep

CISA Adds Three Known Vulnerabilities to Catalog

Attacks, Insights, Malware

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35674 Android Framework Privilege Escalation Vulnerability CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability CVE-2023-4863 Google Chrome Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added…

Read More
12 Sep

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Information, Insights

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim.…

Read More
12 Sep

Zero Day Summer: Microsoft Warns of Fresh New Software Exploits

Information, News

Microsoft’s struggles with zero-day exploits rolled into a new month with a fresh warning that two new Windows vulnerabilities are being targeted by malware attacks in the wild. As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes. The most serious of the two bugs is described…

Read More
12 Sep

Microsoft Releases September 2023 Updates

Attacks, Insights, Malware

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2023 Security Update Guide and apply the necessary updates.  

Read More
12 Sep

Apple Releases Security Updates for iOS and macOS

Attacks, Insights, Malware

Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 15.7.9 and iPadOS 15.7.9 macOS Monterey 12.6.9 macOS Big Sur 11.7.10  

Read More
12 Sep

CISA Releases its Open Source Software Security Roadmap

Attacks, Insights, Malware

Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies, open source software (OSS) consumers, and the OSS community, to secure OSS infrastructure. To that end, the roadmap details four key goals: Establish CISA’s role in supporting the security of OSS, Understand the prevalence of key open source dependencies, Reduce risks to the federal government,…

Read More