Cellular company Mint Mobile discloses data breach. Some customer info exposed including SIM and IMEI; No PII or PCI data.

https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/

Because of the data that was leaked, SIM swapping is a real concern for those customers. Read the story here

Google plugs Chrome Zero-Day hole that is actively being exploited in the wild.

This is said to be a heap buffer overflow flaw in the WebRTC framework according to Google.

A heap buffer overflow is a software code vulnerability that can be faulted or exploited by a bad actor, which can cause unintended consequences including a blue screen of death (BSOD, unauthorized access, or Denial of Service (DoS). The overflow generally occurs when the allotted storage capacity is exceeded by the volume of data.

More can be read at thehackernews.com here:

A month after their $1M settlement with New York, First American Title suffers a crippling cybersecurity attack

The Title insurance giant just completed a $1 million settlement with DFS of New York over a 2019 cybersecurity breach affecting customer data.

First American Title is providing updates here: https://www.firstamupdate.com/

Related articles:

https://therecord.media/first-american-title-insurance-cyberattack-real-state-industry

First American is the latest cybersecurity attack victim

Report: Comcast waits on critical Citrix zero-day vulnerability and loses data for 36 million customers. Change passwords now.

https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/

Customer data including PII and security questions have been taken.

Having problems with WiFi after updates at school or work? Try uninstalling Windows 11 KB5033375

https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/

Internet outlets across the web were packed with complaints and reports of wireless connectivity issues after applying the December updates. Universities across the U.S. are recommending users uninstall the update and even mention how to do that. HERE are the steps that Microsoft recommends to uninstall an update. Search in the updates for KB5033375. It is worthy to note that not all updates are uninstallable (yes it’s a word).

There are no reports of these problems with Windows 10

U.S. Federal Agencies and other countries release advisory that Russian Foreign Intelligence Service (SVR) is exploiting vulnerability in Jetbrains TeamCity globally

According to CISA, FBI, NSA, Polish Military Counterintelligence, CERT Polska, and UK’s National Cyber Security Centre, Russian actors known by names including APT 29 are and have been exploiting servers hosting JetBrains TeamCity software since at least September, 2023. This software is used for software compilations, including building, testing and releasing software. The potential impact is pretty large, including supply chain operations (think Solarwinds). The article details IOCs

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

Click to access aa23-347a-russian-foreign-intelligence-service-svr-exploiting-jetbrains-teamcity-cve-globally_0.pdf

Joint advisory

https://nvd.nist.gov/vuln/detail/cve-2023-42793

RCE Vulnerability in Apache Struts2

There is a new vulnerability in Apache Struts2.

If you don’t know, previous vulnerabilities were devastating to infrastructures; to the extent that we still see the attack vector being attempted. Affected versions are:

• Apache Struts 2.0.0 through 2.5.32
• Apache Struts 6.0.0 through 6.3.0.1

Apache Struts2 Remote Code Execution Vulnerability (CVE-2023-50164)

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

Ivanti Connect Secure/Pulse Secure

If you are not caught up on patches, get so quickly. In addition to password spraying, we are seeing a large pickup in exploit attempts. The most recent version is Release 9.1R18.2 PRs. You can find the notes here: https://help.ivanti.com/ps/help/en_US/ICS/9.1RX/rn-9.1R18.2/fixed-issues.htm. It was only May, 2021 when actors were exploiting zero-days. The impact of that vulnerability caused Pulse Secure to release an Integrity Tool to check if files had been modified on the appliances.

Now might be a good time to refamiliarize yourself with the tool if you are not familiar https://forums.ivanti.com/s/article/KB44755?language=en_US

Ivanti Best Practices Guide https://forums.ivanti.com/s/article/KB29805?language=en_US&kA1j0000000Fil5=

Over 20k Microsoft Exchange servers risked in exploitable vulnerabilities

https://www.bleepingcomputer.com/news/security/over-20-000-vulnerable-microsoft-exchange-servers-exposed-to-attacks/

Some of these CVEs go back years, including the days of ProxyLogon shell attacks. All these have patches available. There are some 30.5k unsupported versions of Exchange as of November, 2023. Read more here.

60 Credit Unions affected by ransomware in likely supply chain attack

https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/

Related Articles

https://www.cnn.com/2023/12/01/politics/ransomware-attack-credit-unions/index.html

https://abc7.com/ransomware-attack-in-us-credit-union-outages-trellance-cyberattack-ncua/14133374/

https://www.msn.com/en-us/money/other/60-us-credit-unions-offline-after-ransomware-infects-backend-cloud-outfit/ar-AA1kRVhA