Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

Issue #38 - March 27, 2023

New Wi-Fi Attack Allows Traffic Interception, Security Bypass

Source: Security Week

A group of academic researchers devised an attack that can intercept Wi-Fi traffic at the MAC layer, bypassing client isolation. The attack exploits a Wi-Fi client isolation bypass vulnerability tracked as CVE-2022-47522 and impacts Wi-Fi networks with malicious insiders, but can also be used to bypass Dynamic ARP Inspection (DAI), the academics say in their research paper.





Exchange Online to block emails from vulnerable on-prem servers

Source: Bleeping Computer

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them. As Redmond explains, these are Exchange servers in on-premises or hybrid environments that run end-of-life software or haven't been patched against known security bugs.





Your Okta passwords can be easily hacked, experts claim

Source: Tech Radar Pro

If you have access to audit logs, you could have access to everything. A significant security flaw has reportedly been detected in identity and access management powerhouse Okta's platform, which could have given threat actors access to user login credentials, and ultimately access to any resources or applications they use.





Health Plan, Mental Health Provider Hit by GoAnywhere Flaw

Source: Info Risk Today

Insurer Notifying Thousands Affected by Breach of Behavioral Health Provider's Data. Blue Shield of California is notifying more than 63,000 customers that their data was potentially exfiltrated in a compromise involving Fortra's GoAnywhere secure file transfer software and one of the health plan's covered mental health providers for minors.





ChatGPT Exposed Payment Card Data of Subscribers

Source: Data Breach Today

OpenAI said it took its ChatGPT chatbot offline Monday after detecting a bug in an open-source library that allowed users to see snatches of conversations from another active user's chat history. The company now says the bug, which is in software used to cache user information, may also have exposed payment-related information of 1.2% of ChatGPT Plus subscribers who were active during the early hours of Monday morning in its California headquarters' time zone.



