Wednesday Newsbytes: March Patch Tuesday – 60 Flaws Patched; Windows Users – Beware Magnet Goblin; Roku Suffers Data Breach; The Web Just Turned 35… and more
Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature news articles that grabbed our attention over the past week. We hope you find this week’s ‘Wednesday Newsbytes’ informative and interesting!
Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server
Microsoft ships patches for at least 60 security vulnerabilities in the Windows ecosystem and warned of remote code execution risks.
The world’s largest software maker tagged two HyperV vulnerabilities — CVE-2024-21407 and CVE-2024-21408 with its highest critical-severity rating and urged users to prioritize these fixes to reduce exposure to code execution and denial-of-service attacks.
“This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server,” Redmond warned HyperV users.
The company said successful exploitation requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
Microsoft also flagged a serious flaw in Open Management Infrastructure (OMI) for urgent attention, noting that the CVE-2024-21334 bug carries a CVSS severity score of 9.8 out of 10.
This month’s updates also provide cover for code execution issues in the oft-targeted Microsoft Exchange Server and a Microsoft Azure Kubernetes bug that opens the door for attackers to steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC)..
Millions of Windows PC owners put on red alert over new cybercrime gang Magnet Goblin
Security researchers have sounded the alarm over a new criminal gang called Magnet Goblin that’s targeting millions of Windows and Linux users worldwide. The location of the hackers is currently unknown, cybersecurity experts from Check Point have admitted.
Magnet Goblin is “methodically leveraging” so-called 1-day vulnerabilities — these are software flaws for which a patch was only recently released. If someone is slow to update to the latest version of the operating system, their devices will be vulnerable to these attacks. It comes as Microsoft confirmed end of support for the penultimate version of Windows 10, pushing users to consider an upgrade to Windows 11.
With cybercriminals in the Magnet Goblin gang scaling up their operation, the next time you see a pop-up appear in Windows or Linux reminding you about a new software update — do not dismiss the notification as you could be leaving your data open to hackers…
Roku Data Breach: What to Know if You Have an Account
The breach impacted thousands of users. Here’s how to update your Roku password.
More than 15,000 Roku users have been affected by a data breach where account login credentials were compromised via third parties. The company is notifying impacted customers and working with law enforcement to conduct an investigation. Roku provides streaming media players, smart TVs and a streaming platform that offers access to apps such as Netflix, Max, Disney Plus, Spotify and its in-house Roku Channel.
The streaming giant recently reported it reached 80 million active accounts and hit a viewership milestone where “100 billion hours were streamed on the platform in 2023.” Though the company has a large customer base, the scope of the breach is relatively small.
“Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously,” a Roku spokesperson told CNET in a statement…
The World Wide Web just turned 35 years — and please, stop calling it the Internet
The internet has vastly changed since its inception in 1989, with big data, AI and faster connections transforming how people use it
It’s unclear whether Sir Tim Berners-Lee knew the magnitude of his authoring of the 1989 paper titled “Information Management: A Proposal”. But it was undoubtedly a transformative moment for humanity and has impacted society and business in profound ways.
35 years on from a mere proposal, we have interconnected systems all around the world that are powering large-scale big data analytics workloads, cloud-enabled quantum computing and artificial intelligence (AI) agents that are integrated into software components — like Microsoft’s Copilot module. There may yet be further room for growth, with the metaverse and holographic projection possibly next in line as data transmission capabilities increase over the coming years.
Although the web was first proposed with Berners-Lee’s paper, the building blocks were in place for a few years beforehand by the US Department of Defense, when it decided to implement TCP/IP into its network. Thus, Arpanet was born. This eventually evolved into the model that’s become the web we use today — but it was a simple idea then, and pales into comparison compared with the intricately connected systems that govern every aspect of our lives.
The post-AI internet
The amount of data, for example, on the internet has exponentially surged — especially in the last few years. In 2018, IDC predicted that data would swell from 33ZB (or one billion terabytes) to 175ZB by 2025…
This bad boy is Zach T. Wilcox, owner of the world’s longest beard in 1922… Whoa, Zach! Save some beard for the rest of us, playboy.
See all 22 Images at Buzzfeed.
Thanks for reading this week’s Wednesday Newbytes. We hope these articles were informative, interesting, fun, and helpful. Darcy & TC