Cyber Bits · · 2 min read

Cyber Bits: September 16

This week, Ivanti reports a critical vulnerability now actively exploited, Transport for London is resetting 30,000 employee passwords in person, the Port of Seattle was hit by Rhysida ransomware, and a Windows vulnerability is being exploited via invisible braille spaces.

Cyber Bits: September 16

This week, Ivanti reports a critical vulnerability now actively exploited, Transport for London is resetting 30,000 employee passwords in person, the Port of Seattle was hit by Rhysida ransomware, and a Windows vulnerability is being exploited via invisible braille spaces.

Ivanti CSA Vulnerability

Link: Bleeping Computer

Ivanti has disclosed that a critical flaw in its Cloud Services Appliance (CSA) for Endpoint Manager Mobile (EPMM) is now being actively exploited. This vulnerability, tracked as CVE-2023-38035, enables attackers to bypass authentication and execute arbitrary commands, which could lead to full system compromise. Ivanti strongly recommends immediate patching, warning that threat actors have already begun leveraging this flaw in real-world attacks.

TfL Password Resets After Hack

Link: Bleeping Computer

Transport for London (TfL) is mandating in-person password resets for over 30,000 employees following a cyberattack. The precautionary move aims to safeguard employee accounts and prevent further exploitation after the organization was targeted by threat actors. Although the attack's impact on operational services remains unclear, TfL is implementing strict security measures, including password policies, to bolster defenses.

Port of Seattle Ransomware Attack

Link: Bleeping Computer

The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for the August 2024 cyberattack, which disrupted operations at Seattle-Tacoma International Airport. The ransomware incident led to some service outages, but the Port has not paid the ransom. Recovery efforts are ongoing, with a focus on strengthening cybersecurity measures to prevent future attacks.

Windows Braille Spaces Vulnerability

Link: Bleeping Computer

A newly identified Windows vulnerability is being actively exploited in zero-day attacks through the use of invisible braille spaces. Attackers embed these characters in malicious files to bypass detection, enabling them to infiltrate systems without triggering standard security alerts.

Read next

Cyber Bits: November 25
Cyber Bits ·

Cyber Bits: November 25

Welcome to this week's edition of Cyber Bits, where we cover the latest in malware campaigns, advanced persistent threats, data breaches, vulnerabilities in enterprise systems from Fortinet and Palo Alto, and the economic impact of cyberattacks. Here's what you need to know this week:

Cyber Bits: October 21
Cyber Bits ·

Cyber Bits: October 21

In this week's Cyber Bits, Internet Archive faces another breach, Microsoft sets up Azure tenant honeypots, ransomware attacks are using ESET's name, Microsoft may have lost some security logs, and North Korea is targeting companies looking for temporary IT workers.

Cyber Bits: October 14
Cyber Bits ·

Cyber Bits: October 14

In this weeks Cyber Bits, Microsoft deprecates VPN protocols, OpenAI confirms what everyone already knew about bad guys using ChatGPT for malware, SOC teams lament alert fatigue, qualified personnel gaps in cloud and cyber, and how to build cyber resilience for SMB's.