Tux Machines

Security Leftovers

Posted by Roy Schestowitz on May 03, 2023

=> today's howtos | today's howtos

IT Services Firm Bitmarck Takes Systems Offline Following Cyberattack

=> ↺ IT Services Firm Bitmarck Takes Systems Offline Following Cyberattack

German IT services giant Bitmarck has taken customer and internal systems offline following a cyberattack.

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

=> ↺ Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.

T-Mobile Says Personal Information Stolen in New Data Breach

=> ↺ T-Mobile Says Personal Information Stolen in New Data Breach

Wireless carrier T-Mobile says the personal information of a small number of individuals was exposed in a recent data breach.

iPhone Users Report Problems Installing Apple’s First Rapid Security Response Update

=> ↺ iPhone Users Report Problems Installing Apple’s First Rapid Security Response Update

Apple has released its first Rapid Security Response patch, but iPhone users are complaining that they are having problems installing it.

AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) [Ed: BitLocker has back doors in it anyway [1, 2]]

=> ↺ AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) | ↺ 1 | ↺ 2

Researchers with the Technical University of Berlin reveal that AMD's firmware-based Trusted Platform Module (fTPM / TPM) can be fully compromised via a voltage fault injection attack, thus allowing full access to the cryptographic data held inside the fTPM.

CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

=> ↺ CISA Warns of Attacks Exploiting Oracle WebLogic Vulnerability Patched in January

CISA warns of attacks exploiting an Oracle WebLogic vulnerability tracked as CVE-2023-21839, which was patched with the January 2023 CPU.

Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes

=> ↺ Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes

Fortinet warns of a massive spike in malicious attacks targeting a five-year-old authentication bypass vulnerability in TBK DVR devices.

Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems

=> ↺ Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems

Ransomware group leaked files showing the extent of their access to Western Digital systems and how they monitored the company’s initial response to the breach.

=> gemini.tuxmachines.org