Infosec bits for week 37/22
- Security News:
- New malware bundle self-spreads through YouTube gaming videos [Bill Toulas, Bleeping Computer]
- Malware on Pirated Content Sites a Major WFH Risk for Enterprises [Jai Vijayan, Dark Reading]
- Phishing:
- Death of Queen Elizabeth II exploited to steal Microsoft credentials [Sergiu Gatlan, Bleeping Computer]
- Breaches & Leaks:
- Uber investigating possible hack of internal databases [Bloomberg, MyBroadband]
- Ransomware Group Leaks Files Stolen From Cisco [Eduard Kovacs, SecurityWeek]
- Breach of software maker used to backdoor ecommerce servers [Don Goodin, Ars Technica]
- Malware:
- Linux variant of the SideWalk backdoor discovered [Help Net Security]
- Vulnerabilities & Patches:
- Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws [Lawrence Abrams, Bleeping Computer]
- Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw [Ravie Lakshmanan, The Hacker News]
- Adobe Patches 63 Security Flaws in Patch Tuesday Bundle [Ryan Naraine, SecurityWeek]
-
WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin [Ionut Arghire, SecurityWeek]
- Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned [Pierluigi Paganini, Security Affairs]
- Others:
- A Response Guide for New NSA and CISA Vulnerabilities [Mark Stone, Security Intelligence]
- China says NSA used multiple cybersecurity tools in attacks against Chinese university [Eileen Yu, ZDNet]