Cyber Threat Report: Cyber Security News for 06/23/23

US Military Personnel Receiving Unsolicited, Suspicious Smartwatches
The US Army says soldiers say unsolicited, suspicious smartwatches are being sent to soldiers, exposing them to malware attacks. Read More

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps
Businesses using ‘Login with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. Read More

Kremlin-Backed Hacking Group Puts Fresh Emphasis On Stealing Credentials
Attacks are directed at governments, IT service providers, nongovernmental organizations (NGOs), and defense and critical manufacturing industries. Read More

iOttie discloses data breach after site hacked to steal credit cards
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. Read More

Exploit Released for Cisco AnyConnect Bug Giving SYSTEM Privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM. Read More

Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws
An American energy technology company, Enphase builds and sells solar micro-inverters, charging stations, and other energy equipment has ignored CISA requests to fix remotely exploitable vulnerabilities. Read More

Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack
Gen Digital, which owns Avast, Avira, AVG, Norton, and LifeLock, said employee data was compromised in the MOVEit ransomware attack. Read More

Guess What Happened To This Us Agency Using Outdated Software?
A group of government-backed hackers used an almost six-year-old Telerik vulnerability to break into a US federal agency's Microsoft IIS web server, underscoring the importance of patching. Read More

SSD Missing From Sap Datacenter Turns Up On Ebay, Sparking Security Investigation
Four disks were believed stolen from the Walldorf facility, at least one containing company data. Read More

The Us Navy, Nato, And Nasa Are Using A Shady Chinese Company’s Encryption Chips
US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Read More

Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems
A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year. Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

US military personnel are being targeted with unsolicited smartwatches, posing security concerns. These watches are sent without any prior request or notification, raising suspicions about potential cyber threats. There are worries that these devices could gather sensitive personal information or serve as surveillance tools. The military is cautioning personnel against using or connecting these smartwatches to government networks, emphasizing the need for increased cybersecurity awareness.

Researchers have discovered a critical security flaw in Microsoft Azure AD OAuth apps, which could lead to account takeovers. The vulnerability allows attackers to bypass the consent process and gain unauthorized access to user accounts. By exploiting this flaw, malicious actors could potentially access sensitive data or perform unauthorized actions on behalf of the affected users. Microsoft has been alerted about the issue and has released a security update to address the vulnerability, urging users to apply the patch immediately to mitigate the risk.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.