Cyber Bits · · 2 min read

Cyber Bits: September 16

This week, Ivanti reports a critical vulnerability now actively exploited, Transport for London is resetting 30,000 employee passwords in person, the Port of Seattle was hit by Rhysida ransomware, and a Windows vulnerability is being exploited via invisible braille spaces.

Cyber Bits: September 16

This week, Ivanti reports a critical vulnerability now actively exploited, Transport for London is resetting 30,000 employee passwords in person, the Port of Seattle was hit by Rhysida ransomware, and a Windows vulnerability is being exploited via invisible braille spaces.

Ivanti CSA Vulnerability

Link: Bleeping Computer

Ivanti has disclosed that a critical flaw in its Cloud Services Appliance (CSA) for Endpoint Manager Mobile (EPMM) is now being actively exploited. This vulnerability, tracked as CVE-2023-38035, enables attackers to bypass authentication and execute arbitrary commands, which could lead to full system compromise. Ivanti strongly recommends immediate patching, warning that threat actors have already begun leveraging this flaw in real-world attacks.

TfL Password Resets After Hack

Link: Bleeping Computer

Transport for London (TfL) is mandating in-person password resets for over 30,000 employees following a cyberattack. The precautionary move aims to safeguard employee accounts and prevent further exploitation after the organization was targeted by threat actors. Although the attack's impact on operational services remains unclear, TfL is implementing strict security measures, including password policies, to bolster defenses.

Port of Seattle Ransomware Attack

Link: Bleeping Computer

The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for the August 2024 cyberattack, which disrupted operations at Seattle-Tacoma International Airport. The ransomware incident led to some service outages, but the Port has not paid the ransom. Recovery efforts are ongoing, with a focus on strengthening cybersecurity measures to prevent future attacks.

Windows Braille Spaces Vulnerability

Link: Bleeping Computer

A newly identified Windows vulnerability is being actively exploited in zero-day attacks through the use of invisible braille spaces. Attackers embed these characters in malicious files to bypass detection, enabling them to infiltrate systems without triggering standard security alerts.

Read next

Cyber Bits: September 23
Cyber Bits ·

Cyber Bits: September 23

This week, we cover software-breaking updates, major security vulnerabilities including a Mediatek 0day, data breaches at Deloitte and Dell, cyber-espionage activities and Disney affected by Slack.