Security News Update for September 25, 2022

This week’s news includes:

• CISA says Dataprobe’s PDUs used in critical infrastructure vulnerable
• Unpatched 15 year old Python bug allows code injection in 350,000 projects
• HP failed to patch firmware for a year
• Industrial control systems have joined the general computer world in their own patch Tuesday mess
• NSA and CISA release Control system defense: know the opponent
• New As-A-Service offering on the dark web
• Microsoft disabling (officially) Teams meeting add-in for Outlook since it seems to disable itself anyway
• Key Bank hit with potential class action over vendor breach claims negligence
• The feds launch $1 billion cyber grant program for SLTT governments
• Foreign regulators fine Facebook, Meta, Instagram over privacy settings
• Shareholders file suit against Twitter after Mudge testifies to Congress
• MFA fatigue – what is it and how do I protect myself/my company (Video)
• Grand Theft Auto breached
• Ransomware knocks Suffolk County (NY) back into the 1900s
• American Airlines hacked in July, announced it now
• Michigan school district closed for second day due to cyberattack
• Cryptocurrency market maker Wintermute loses $160 mil to hackers – says everything is fine
• South American is under cyberattack
• Third party risk may be your biggest risk
• California age-appropriate design code act is now law
• Car companies have a cyber target on them
• Security news bites for the week ending September 23, 2022: Twitter says there was at least one Chinese spy working at Twitter.  Uber says not to worry about this new breach – it was a contractor’s account that was compromised.  GPS jammers being used to hijack trucks and down drones.  Yet another cyber attack turned physical.  Kim Kardashian being sued as an influencer.  North Korean hackers target US energy companies.

• Audio
• Video