Cybersecurity News: CISA orders OIM patches, Delta Dental incurs breach, Ukraine postal operator systems down

In today’s cybersecurity news…

CISA orders feds to patch OIM

CISA ordered federal agencies to patch a critical Oracle Identity Manager zero-day by December 12th, after evidence showed attackers were probing the flaw weeks before Oracle issued a fix on October 21st. The bug lets unauthenticated attackers take over OIM with a single HTTP request, and researchers at Searchlight Cyber called exploitation “trivial.” SANS Internet Storm Center’s Johannes Ullrich found logs showing pre-patch scans dating back to late August, pointing to at least one threat actor using it as a zero-day. Because that scanning predates the fix by roughly two months, organizations that have already patched should still review OIM access logs from late August onward rather than assume the patch closed the window. The flaw is now on CISA’s Known Exploited Vulnerabilities list. (The Register)

Delta Dental of Virginia discloses data breach

Delta Dental of Virginia says a compromised email account exposed personal and health data for about 146,000 customers. The breach was discovered April 23rd and may have allowed access to emails and attachments going back to March 21st, including names, Social Security numbers, government ID numbers, and protected health information. The company says there is no evidence of misuse but is offering a year of free identity protection and credit monitoring to affected individuals. (Security Affairs)

Systems down at postal operator in occupied Ukraine

The Ukrainian Cyber Alliance (UCA) claimed responsibility for a cyberattack that disrupted Donbas Post, a Russian state-owned postal operator in occupied eastern Ukraine. The attack reportedly wiped more than 1,000 workstations, around 100 virtual machines, and several dozen terabytes of data. Donbas Post restricted services and suspended branch and call center operations. The disruption coincided with a drone strike on local energy infrastructure, leaving many wondering whether the incidents were coordinated. UCA has previously targeted Russian financial, telecom, and municipal systems. (The Record)

Fluent Bit bugs allowed cloud disruption

Researchers from Oligo found five long-standing, easy-to-exploit vulnerabilities in Fluent Bit, a widely used open source log collector deployed across every major cloud platform. The bugs include authentication bypass, path traversal, remote code execution, denial of service, and tag manipulation. Some flaws date back more than eight years and threaten full cluster compromise when chained. Fluent Bit 4.1.1 and, for the 4.0 branch, 4.0.12 fix the issues; because fixes landed on two release lines, a naive "is my version newer than 4.1.1" check will wrongly flag patched 4.0.12 agents and must compare per branch. (The Register)
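The branch-aware version check described above, as an added example that is not part of the original article or of the Fluent Bit project. The only facts taken from the page are the two fix versions, 4.1.1 and 4.0.12; the inventory lines are constructed, and the assumption that every release after 4.1.1 (for instance a 4.2.x) carries the fix is the author's, not something the article states.

```python
import re
from typing import List, Optional, Tuple

# Fix versions reported for the Oligo findings (from the article):
# 4.1.1 on the main line, and 4.0.12 as the fix on the 4.0 branch.
FIXED_MAINLINE = (4, 1, 1)
FIXED_BACKPORT = {(4, 0): 12}  # (major, minor) -> first fixed patch level

# Accepts "4.0.12", "v4.1.1", "fluent-bit 4.1.1-rc1"; the optional
# suffix after '-' is treated as a pre-release of that version.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, release_flag) or None if no version is present.

    release_flag is 1 for a final release and 0 for a pre-release, so that
    tuple comparison orders 4.1.1-rc1 before 4.1.1.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, prerelease = m.groups()
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def is_fixed(version: str) -> Optional[bool]:
    """True if the version carries the fix, False if not, None if unparseable.

    The 4.0 branch is checked against its own backport threshold; every other
    version is compared against the 4.1.1 main-line fix. Assumption (not from
    the article): releases newer than 4.1.1 keep the fix.
    """
    v = parse_version(version)
    if v is None:
        return None
    branch = (v[0], v[1])
    if branch in FIXED_BACKPORT:
        return (v[2], v[3]) >= (FIXED_BACKPORT[branch], 1)
    return (v[0], v[1], v[2], v[3]) >= FIXED_MAINLINE + (1,)


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hosts whose Fluent Bit is not confirmed fixed (unparseable counts as not fixed)."""
    return [host for host, ver in inventory if is_fixed(ver) is not True]


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("log-agent-01", "4.0.12"),      # backport fix: patched
    ("log-agent-02", "4.1.0"),       # main line, one release short
    ("log-agent-03", "v4.0.9"),      # 4.0 branch, below 4.0.12
    ("log-agent-04", "4.1.1"),       # main-line fix
    ("log-agent-05", "4.2.0"),       # assumed to carry the fix forward
    ("log-agent-06", "3.2.10"),      # old branch, no fix listed
    ("log-agent-07", "4.1.1-rc1"),   # pre-release of the fix version
    ("log-agent-08", "unknown"),     # unparseable: treated as needing attention
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required")
```

The point of the `release_flag` element is ordering: a plain `(4, 1, 1) >= (4, 1, 1)` comparison would accept a 4.1.1 release candidate as fixed, while a string comparison would order "4.0.9" after "4.0.12". Keying the backport table by `(major, minor)` is what keeps 4.0.12 from being reported as vulnerable for being numerically below 4.1.1.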

Huge thanks to our episode sponsor, KnowBe4

Cybersecurity isn’t just a tech problem—it’s a human one.
 
That’s why KnowBe4’s Human Risk Management platform allows you to measure, quantify and actually reduce human risk across your organization.
 
With AI-powered risk scoring, automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyberattacks proactively.
Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com.

Hacklore to tackle security myths

A new initiative called Hacklore.org launched to push back against long-standing cybersecurity myths, like frequently changing passwords or avoiding all public Wi-Fi. Created by former Yahoo and DNC security chief Bob Lord, the project promotes simple, evidence-based practices like passkeys, MFA, password managers, and keeping software updated. More than 80 cybersecurity experts signed an open letter urging a shift toward practical guidance and support for “secure by design” and “secure by default” approaches. (CyberScoop)

Amazon AI agents hunt deep bugs

Amazon announced it’s developed an internal system called Autonomous Threat Analysis (ATA) to help its security teams proactively detect vulnerabilities across its platforms. ATA uses specialized AI agents to identify weaknesses, perform variant analysis to find similar flaws, and propose remediations before attackers can exploit them. The system comes from an internal hackathon and is now part of Amazon’s effort to manage the growing complexity of software security. (Wired)

ShadowRay 2.0 Turns AI Clusters into Crypto Botnets

ShadowRay 2.0 is hijacking exposed Ray clusters to run a self-propagating cryptomining and data theft botnet. Researchers say the group IronErn440 is abusing Ray’s disputed RCE flaw to seize AI infrastructure, steal models and credentials, and spread autonomously across some 230,000 exposed environments. After GitLab shut down their C2, the attackers shifted to GitHub and started targeting large GPU clusters. The flaw is “disputed” because Ray’s maintainers treat unauthenticated job submission as intended behaviour for a trusted network, so no formal patch exists; the practical mitigation is to keep Ray’s dashboard and job-submission endpoints off untrusted networks, and any deployment that exposes them is an easy target. (Dark Reading)

Real estate intrusion concerns big banks

Real estate finance services firm SitusAMC reported a cyber intrusion earlier this month that exposed confidential client data, including accounting records and legal agreements. The FBI says it is investigating. The company has notified potentially affected customers, which may include major banks such as Citi, JPMorgan Chase, and Morgan Stanley. No ransomware was involved. SitusAMC has since added security measures, including resetting credentials, disabling remote access, updating firewalls, and monitoring systems, while it assesses the full scope of the breach. (The Register)