Security News Update for October 11, 2024
Microsoft Confirms MMC Bug Being Exploited – No Patch
I could tell you to patch the bug but, for the 23rd time this year, the bug is being exploited in the wild and there is no patch. The bug, rated 7.8/10, is in the Microsoft Management Console tool and it was not among the 119 bugs they did patch this week. Be careful about running MMC saved console files; that seems to be the attack vector for now. Credit: Security Week
AT&T Faces Porch Pirates, Likely With Insider Information
For a company the size of AT&T, protecting against employees who sell information as a side hustle is hard to stop. AT&T says that it doesn’t have evidence of a hack, so an inside job is likely. The thieves show up minutes after FedEx drops off that shiny new phone and steals it, so they must have inside info. This is happening in multiple states. Try to get your new phone delivered to a human being like your office or a neighbor. Credit: Ars Technica
Hacker Claims Star Health Management Involved in Insurance Data Breach
Star Health, an India-based health insurance company was hacked a couple of months ago. They have claimed that they were not hacked even though the data, in small amounts, is available for free on the dark web and in bulk for money. Now the hacker is claiming that company management was in on the deal and offered ongoing back door access for $150,000, but then wanted more. If so, this is a bit of a problem for the company. Credit: CSO Online
Cyber Insurer Says Number of Claims Down, Size of Claims Up
Well this is a mixed bag. Coalition Insurance, says that although the number of claims is down, which is good, the size of claims is up by 14 percent. They also said that 40 percent of clients paid a ransom after a ransomware attack (which is why they are still profitable) and that Business Email Compromise claims were the biggest percentage of claims. Credit: The Record
As Companies Use AI to Filter Job Applicants, Applicants Use AI to Apply to Thousands of Jobs
I am not sure how this will end, but there is now software, available for free, that allows you to scrape job boards, create a custom cover letter and even generates a custom resume. One user turned the software on while eating breakfast at a cafe. By the time he was done, it had applied to 12 jobs. Some applicants are letting it run 24/7, auto-applying to thousands of jobs. The software is called Auto_Jobs_Applier_AIHawk and is available for free on Github. Credit: 404 Media