March 24, 2024 at 09:24PM
Microsoft admitted to a memory leak issue in its March patches causing Windows domain controller crashes. A fix has been issued. Atlassian revealed a SQL injection bug and other critical vulnerabilities. A new, more dangerous variant of the AcidRain wiper malware has been identified. Negligent employees are the main cause of data loss.
In the recent meeting, the following key takeaways were discussed:
1. Microsoft has acknowledged and fixed a memory leak issue in its March patches, which led to crashing of Windows domain controllers. A patch has been delivered, and until it’s installed, monitoring memory usage or uninstalling the specific patches is recommended.
2. Critical vulnerabilities were reported, including a SQL injection bug in Atlassian’s Bamboo Data Center and Server, as well as vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry, and Franklin Fueling System EVO 550 and 5000 tank gauges. Patches are available for these issues.
3. A new variant of the wiper malware, AcidPour, has been identified as more dangerous than its predecessor, AcidRain. It has been linked to Russian threat actors and expanded to target additional Linux systems, which might disrupt RAID arrays and large storage systems.
4. Proofpoint’s Data Loss Landscape report highlighted that 85% of companies experienced data loss in the past year, with 71% attributing it to careless users. Privileged users, like HR and finance professionals, were identified as the biggest insider threat.
These are the key points highlighted from the recent meeting notes. Let me know if you need further details or have any specific queries.