Infosec bits for 2024 week 11

Sicelo Ncekana | March 18, 2024, 11:15 a.m.

Cybersecurity News:

GhostRace – New Data Leak Vulnerability Affects Modern CPUs (thehackernews.com) [Newsroom, The hacker News]

Google Chrome To Roll Out Real-Time URL Protection For Malware & Phishing Attack [Eswar, Cybersecurity News]

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada [Newsroom, The hacker News]

Health board fears hackers have stolen patient data [BBC, BBC]

New acoustic attack determines keystrokes from typing patterns [Bill Toulas, Bleeping Computer]

Cyberattacks and Data Breaches:

Ransomware group dumps massive collection of government employee data online [Myles Illidge, Mybroadband]

Nissan Data Breach Affects 100,000 Individuals [Eduard Kovacs, Security Week]

NHS health board breach may include patient data [Vilius Petkauskas, Cybernews]

Vulnerabilities & Patches:

Fortinet Warns of Yet Another Critical RCE Flaw (darkreading.com) [Jai Vijayan, Dark Reading]

Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS RX software. [Pierluigi Paganini, Security Affairs]

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover [Newsroom, The hacker News]

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded [István Márton, Wordfence]

RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage [Newsroom, The hacker News]

Malware:

Magnet Goblin Exploits Ivanti Vulnerabilities [Freelance Journalist, Info Security]

StopCrypt: Most widely distributed ransomware evolves to evade detection [Bill Toulas, Bleeping Computer]