New Wi-Fi Attack Allows Traffic Interception, Security Bypass
Source: Security Week
A group of academic researchers devised an attack that can intercept Wi-Fi traffic at the MAC layer, bypassing client isolation. The attack exploits a Wi-Fi client isolation bypass vulnerability tracked as CVE-2022-47522 and impacts Wi-Fi networks with malicious insiders, but can also be used to bypass Dynamic ARP Inspection (DAI), the academics say in their research paper.
Exchange Online to block emails from vulnerable on-prem servers
Source: Bleeping Computer
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them. As Redmond explains, these are Exchange servers in on-premises or hybrid environments that run end-of-life software or haven't been patched against known security bugs.
Your Okta passwords can be easily hacked, experts claim
Source: Tech Radar Pro
If you have access to audit logs, you could have access to everything. A significant security flaw has reportedly been detected in identity and access management powerhouse Okta's platform, which could have given threat actors access to user login credentials, and ultimately access to any resources or applications they use.
Health Plan, Mental Health Provider Hit by GoAnywhere Flaw
Source: Info Risk Today
Insurer Notifying Thousands Affected by Breach of Behavioral Health Provider's Data. Blue Shield of California is notifying more than 63,000 customers that their data was potentially exfiltrated in a compromise involving Fortra's GoAnywhere secure file transfer software and one of the health plan's covered mental health providers for minors.
ChatGPT Exposed Payment Card Data of Subscribers
Source: Data Breach Today
OpenAI said it took its ChatGPT chatbot offline Monday after detecting a bug in an open-source library that allowed users to see snatches of conversations from another active user's chat history. The company now says the bug, which is in software used to cache user information, may also have exposed payment-related information of 1.2% of ChatGPT Plus subscribers who were active during the early hours of Monday morning in its California headquarters' time zone.