Infosec bits for week 27/22
- Security News:
- Researchers discover rogue Node.js packages stealing data [Rual de Vries, MyBroadband]
- Ukrainian police takes down phishing gang behind payments scam [Charlie Osborne, ZDNet]
- AstraLocker ransomware shuts down and releases decryptors [Sergiu Gatlan, Bleeping Computer]
- Malware:
- OrBit, a new sophisticated Linux malware still undetected [Pierluigi Paganini, Security Affairs]
- Breaches & Leaks:
- Marriott confirms another data breach after hotel got hacked [Sergiu Gatlan, Bleeping Computer]
- Cyberattack knocks out California community college email, website, landlines [Jonathan Greig, The Record]
- Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: ‘Lives at Stake’ [Nathan Eddy, Dark Reading]
- Hacker Selling Shanghai Police Database with Billions of Chinese Citizen Data [Waqas, HackRead]
- Vulnerabilities & Patches:
- Django Software Foundation Patches High-Severity Bug [Mihir Bagwe, Bank Info Security]
-
Chromium’s WebRTC zero-day fix arrives in Microsoft Edge [Richard Speed, The Register]
- Google updates Chrome to squash actively exploited WebRTC Zero Day [Simon Sharwood, The Register]
- Cisco and Fortinet Release Security Patches for Multiple Products [Ravie Lakshmanan, The Hacker News]
- Others: