C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

Infosec bits for 2023 week 37

Kgwadi Matenche

2023-09-15 13:45

Cybersecurity News:
- Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack [THN, The Hacker News]
- Royal Dutch Football Association confirms it paid ransom for hacked employee data [Jonathan Greig, Recorded Future News]
- New WiKI-Eve attack can steal numerical passwords over WiFi [Bill Toulas, Bleeping Computer]
- Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks [Ionut Arghire, Security Week]
Vulnerabilities & Patches:
- Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws [Lawrence Abrams, Bleeping Computer]
- Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints [THN, The Hacker News]
- SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA [Ionut Arghire, Security Week]
- Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks [Sergiu Gatlan, Bleeping Computer]
- Adobe Fixed Actively Exploited Zero-day in Acrobat and Reader [Pierluigi Paganini, Security Affairs]
- Apple patches two zero-days under attack [Zeljka Zorz, Help Net Security]
- Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild – Update Now [THN, The Hacker News]
Breaches & Leaks:
- IT Systems Encrypted After UK School Hit By Ransomware [Phil Muncaster, Infosecurity Magazine]
- Auckland transport authority hit by suspected ransomware attack [Bill Toulas, Bleeping Computer]
- A Second Major British Police Force Suffers a Cyberattack in Less Than a Month [Associated Press, Security Week]
- Threat Actor Leaks Sensitive Data Belonging to Airbus [Pierluigi Paganini, Security Affairs]
- Save the Children International hit with cyberattack, but says operations weren�t impacted [Jonathan Greig, Recorded Future News]
Others:
- How to Transform Security Awareness Into Security Culture [Perry Carpenter, Dark Reading]

Infosec bits for 2023 week 36

Maajied Moos

2023-09-08 13:17

Cybersecurity News:
- 5 ways in which FHE can solve blockchain�s privacy problems [Pascal Paillier, Help Net Security]
- Spam is up, QR codes emerge as a significant threat vector [Help Net Security, Help Net Security]
- Zero-day attacks are on the rise. Can patches keep up? [Sue Poremba, Security Intelligence]
- 2023 Cost of a Data Breach: Key Takeaways [Matthew Jerzewski, Tripwire]
- Demystifying Smishing vs Phishing Attacks for a Safer Online Experience [Cofense, Cofense]
Data Breaches:
- Golf club maker Callaway says 1 million affected by data breach [Joe Warminsky, The Record]
- University of Sydney data breach impacts recent applicants [Bill Toulas, Bleeping Computer]
- Attackers accessed UK military data through high-security fencing firm’s Windows 7 rig [Richard Speed, The Register]
Vulnerabilities:
- ASUS routers vulnerable to critical remote code execution flaws [Bill Toulas, Bleeping Computer]
- Mend.io SAML Vulnerability Exposed [Alessandro Mascellino, Info Security Magazine]
- Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw [THN, The Hacker News]
- Chrome 116 Update Patches High-Severity Vulnerabilities [Ionut Arghire, Security Week]
Malware:
- Chrome extensions can steal plaintext passwords from websites [Bill Toulas, Bleeping Computer]
- MSSQL Databases Under Fire From FreeWorld Ransomware [Nathan Eddy, Dark Reading]
- Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers [THN, The Hacker News]
- Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs [Ionut Arghire, Security Week]

Infosec bits for 2023 week 35

Heloise Meyer

2023-09-01 08:33

Cybersecurity News:
- Kali Linux 2023.3 released: Kali NetHunter app redesign, 9 new tools, and more! [Help Net Security, Help Net Security]
- How the FBI nuked Qakbot malware from infected Windows PCs [Lawrence Abrams, Bleeping Computer]
- Attackers hiding malicious Word files in PDFs [Myles Illidge, MyBroadband]
- NCSC Issues Cyber Warning Over AI Chatbots [James Coker, Infosecurity Magazine]
- How Hackers Abusing ChatGPT Features For Their Cybercriminal Activities � Bypass Censorship [Tushar Subhra Dutta, Cyber Security News]
Data Breaches:
- Kroll SIM-swap attack: FTX, BlockFi and Genesis clients� info exposed [Helga Labus, Help Net Security]
- Sensitive Data of 10 Million at Risk After French Employment Agency Breach [Kevin Poireault, Infosecurity Magazine]
- 2.6 million DuoLingo users have scraped data released [Pieter Arntz, Malwarebytes]
Vulnerabilities:
- New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC [THN, The Hacker News]
- Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks [Ionut Arghire, SecurityWeek]
- Hackers exploit critical Juniper RCE bug chain after PoC release [Sergiu Gatlan, Bleeping Computer]
- High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome [Ionut Arghire, SecurityWeek]
- VMware fixes critical vulnerability in Aria Operations for Networks [Helga Labus, Help Net Security]
Malware:
- China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users [THN, The Hacker News]
- Spain warns of LockBit Locker ransomware phishing attacks [Bill Toulas, Bleeping Computer]
- Juice jacking: Is it a real issue or media hype? [Jennifer Gregory, Security Intelligence]

Infosec bits for 2023 week 31

Heloise Meyer

2023-08-04 15:12

Cybersecurity News:
- Cyberattacks – South Africa needs an integrated approach to protect critical infrastructure [Adius Ncube, Daily Maverick]
- Humans Unable to Reliably Detect Deepfake Speech [James Coker, Infosecurity Magazine]
- Hacktivists fund their operations using common cybercrime tactics [Bill Toulas, Bleeping Computer]
- How Universities Can Help Support the National Cybersecurity Strategy [Dr Pat Engebretson, Infosecurity Magazine]
- Cybercriminals train AI chatbots for phishing, malware attacks [Bill Toulas, Bleeping Computer]
Phishing Attacks:
- AI-Enhanced Phishing Driving Ransomware Surge [Kevin Poireault, Infosecurity Magazine]
- Beware of this latest phishing attack disguised as an official Google email [Kurt Knutsson, Fox news]
- Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign [Pierluigi Paganini, SecurityAffairs]
- Russian hackers target govt orgs in Microsoft Teams phishing attacks [Sergiu Gatlan, Bleeping Computer]
Malware:
- New malware can give a hacker control of your Mac without you realizing it [Roman Loyola, Macworld]
- New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets [THN, The Hacker News]
- Hackers use new malware to breach air-gapped devices in Eastern Europe [Bill Toulas, Bleeping Computer]
- New Reptile Rootkit Malware Attacking Linux Systems Using Port Knocking [Tushar Subhra Dutta, Cyber Security News]
Vulnerabilities:
- Threat Actors Exploiting Ivanti EPMM Vulnerabilities [CISA, Cybersecurity and Infrastructure Security Agency]
- Dozens of RCE Vulnerabilities Impact Milesight Industrial Router [Ionut Arghire, SecurityWeek]
- Firefox 116 Patches High-Severity Vulnerabilities [Ionut Arghire, SecurityWeek]
Tooling:
- Open-source penetration testing tool BloodHound CE released [Mirko Zorz, Help Net Security]

Infosec bits for 2023 week 30

Sicelo Ncekana

2023-07-28 20:46

Cybersecurity News:
- Kenyan gov’t says its e-Citizen portal suffered cyberattack [Andrew Wasike, Anadolu Agency]
- Security Incident Impacts CardioComm’s Operations [Alessandro Mascellino, Infosecurity Magazine]
- New Study Reveals Forged Certificate Attack Risks [Alessandro Mascellino, Infosecurity Magazine]
Breaches & Leaks:
- BreachForums database and private chats for sale in hacker data breach [Lawrence Abrams, Bleeping Computer]
- Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches [The Hacker News, The Hacker News]
- 8 million people hit by data breach at US govt contractor Maximus [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
- Zimbra patches zero-day vulnerability exploited in XSS attacks [Sergiu Gatlan, Bleeping Computer]
- Vulnerabilities exposed Peloton treadmills to malware and DoS attac [HABIBA RASHID, HackRead]
- Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required [The Hacker News, The Hacker News]
- GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users [The Hacker News, The Hacker News]
- Patch Now: Up to 900K MikroTik Routers Vulnerable to Total Takeover [Jai Vijayan, DarkReading]
- Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation [Ryan Naraine, Security Week]
- AMD ‘Zenbleed’ exploit can leak passwords and encryption keys from Ryzen CPUs [Jess Weatherbed, TheVerge]
Malware
- New Android malware uses OCR to steal credentials from images [Bill Toulas, Bleeping Computer]
- Hackers spreading malware in Call of Duty lobbies [Myles Illidge, MyBroadband]
- New Nitrogen malware pushed via Google Ads for ransomware attacks [Bill Toulas, Bleeping Computer]
- Decoy Dog Malware Upgraded to Include New Features [Alessandro Mascellino, Infosecurity Magazine]

Infosec bits for 2023 week 29

Kgwadi Matenche

2023-07-21 14:44

Cybersecurity News:
- Microsoft: Hackers turn Exchange servers into malware control centers [Lawrence Abrams, Bleeping Computer]
- Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens [The Hacker News]
- Massive Targeted Exploit Campaign Against WooCommerce Payments Underway [Ram Gall, Wordfence]
Breaches & Leaks:
- JumpCloud breach traced back to North Korean state hackers [Sergiu Gatlan, Bleeping Computer]
- Estée Lauder takes down some systems following cyberattack [Matt Kapko, Cybersecurity Dive]
- VirusTotal Data Leak Exposes Some Registered Customers’ Details [The Hacker News]
- Thousands of images on Docker Hub leak auth secrets, private keys [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
- Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities [Eduard Kovacs, Security Week]
- Citrix NetScaler zero-day exploited in the wild, patch is available [Helga Labus, Help Net Security]
- Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched [Guru, Cyber Security News]
- Oracle Releases 508 New Security Patches With July 2023 CPU [Ionut Arghire, Security Week]
Other:
- P2P Self-Replicating Cloud Worm Targets Redis [Dark Reading]
- Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service [Jonathan Greig, The Record]

Infosec bits for 2023 week 28

Heloise Meyer

2023-07-14 10:27

Cybersecurity News:
- Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments [The Hacker News, The Hacker News]
- Why Higher Ed Institutions Should Be Concerned About Rising Malware Attacks [Doug Bonderud, EdTech]
- CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities [Help Net Security, Help Net Security]
- How Are Higher Ed Cyber Attacks Evolving? [Brandon Paykamian, Governement Technology]
- WormGPT Cybercrime Tool Heralds an Era of AI Malware vs. AI Defenses [Nathan Eddy, Dark Reading]
Malware:
- Android malware disguised as ChatGPT apps targeting smartphone users : Palo Alto Networks Unit 42 Research [Manila Standard – Tech, Manila Standard – Tech]
- Triada Malware Infects Android Devices via Fake Telegram App [WAQAS, Hack Read]
- Source code for BlackLotus Windows UEFI malware leaked on GitHub [Bill Toulas, Bleeping Computer]
- Malware Steals Over 100,000 ChatGPT Accounts [Grace Ashiru, Tech in Africa]
- Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware? [The Hacker News, The Hacker News]
- New PyLoose Linux malware mines crypto directly from memory [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
- Juniper Networks Patches High-Severity Vulnerabilities in Junos OS [Ionut Arghire, Security Week]
- Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers [Zeljka Zorz, Help Net Security]
- Microsoft Fixes Six Zero-Days This Patch Tuesday [Phil Muncaster, Infosecurity Magazine]

Infosec bits for 2023 week 27

Maajied Moos

2023-07-11 11:12

Cybersecurity News:
- Businesses are ignoring third-party security risks [Help Net Security, Help Net Security]
- Mobile Cyberattacks Soar, Especially Against Android Users [Robert Lemos, Dark Reading]
- DDoS Carpet-Bombing – Coming In Fast And Brutal [Itay Raviv, Radware]
- Teen among suspects arrested in Android banking malware scheme [WAQAS, Hack Read]
- Report Reveals Companies Unprepared For Darknet Data Leaks [Alessandro Mascellino, Info security Magazine]
- ChatGPT Shared Links and Information Protection: Risks and Measures Organizations Must Understand [Matsukawa Bakuei, Trend Micro]
Malware:
- Proxyjacking: The Latest Cybercriminal Side Hustle [Allen West, Akamai]
- Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator [Lucas Silva, RonJay Caragay, Arianne Dela Cruz, Gabriel Cardoso, Trend Micro]
- Musk Losing Battle of Bad Bots as Rate Limits Begin [Phil Muncaster, Info security Magazine]
- New tool exploits Microsoft Teams bug to send malware to users [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
- 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug [Bill Toulas, Bleeping Computer]
- Ghostscript bug could allow rogue documents to run system commands [Paul Ducklin, Naked Security]
- 3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems [Nate Nelson, Dark Reading]
Breakches, Hacks, Leaks:
- Microsoft denied the data breach after the collective of hacktivists known as Anonymous Sudan claimed to have hacked the company [Pierluigi Paganini, Security Affairs]
- Hackers stole millions of dollars worth of crypto assets from Poly Network platform [Pierluigi Paganini, Security Affairs]

Infosec bits for 2023 week 26

Sicelo Ncekana

2023-07-01 13:20

Cybersecurity News:
- Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts [Ravie Lakshmanan, The Hacker News]
- A proxyjacking campaign is looking for vulnerable SSH servers [Pieter Arntz, malwarebytes Labs]
- Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack [Eduard Kovacs, Security week]
- Beware: New ‘Rustbucket’ Malware Variant Targeting macOS Users [Ravie Lakshmanan, The Hacker News]
- Android users at risk as banking trojan targets more apps [Kurt Knutsson, Fox News]
- Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data [Ravie Lakshmanan, The Hacker News]
Breaches & Leaks:
- Cyberattack exposes data on nearly 9K American and Southwest Airlines pilot applicants [Matt Kapko, Cybersecurity Dive]
- Apple chip supplier confirms data breach, hackers claim $70 million ransomware [The times of India, The times of India]
- TSMC confirms supplier data breach following ransom demand by Russian-speaking cybercriminal group [Sean Lyngaas, CNN]
Vulnerabilities & Patches:
- A proxyjacking campaign is looking for vulnerable SSH servers [Pieter Arntz, malwarebytes Labs]
- Update Your iPhone Right Now to Fix 2 Apple Zero Days | WIRED [WiredAndrew Couts, Wired]
- Microsoft Teams bug allows malware delivery from external accounts [Bill Toulas, Bleeping Computer]
- MITRE releases new list of top 25 most dangerous software bugs [Sergiu Gatlan, Bleeping Computer]
- New Fortinet’s FortiNAC Vulnerability Exposes Networks to Code Execution Attacks [Ravie Lakshmanan, The hacker news]
- Exploit released for new Arcserve UDP auth bypass vulnerability [Sergiu Gatlan, Bleeping Computer]
- Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain [Eduard Kovacs, Security week]

Infosec bits for 2023 week 25

Kgwadi Matenche

2023-06-23 13:42

Cybersecurity News:
- Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack [Ravie Lakshmanan, The Hacker News]
- 100,000 Hacked ChatGPT Accounts Discovered on Dark Web [Waqas, HackRead]
- Hackers warn University of Manchester students of imminent data leak [Lawrence Abrams, Bleeping Computer]
- Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads [Deeba Ahmed, HackRead]
Breaches & Leaks:
- Iowa’s largest school district confirms ransomware attack, data theft [Sergiu Gatlan, Bleeping Computer]
- Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities [Pierluigi Paganini, Security Affairs]
- UPS discloses data breach after exposed customer info used in SMS phishing [Sergiu Gatlan, Bleeping Computer]
Vulnerabilities & Patches:
- VMware Aria Operations for Networks vulnerability exploited in the wild [Zeljka Zorz, Help Net Security]
- Asus Patches Highly Critical WiFi Router Flaws [Ryan Naraine, Security Week]
- VMware fixes vCenter Server bugs allowing code execution, auth bypass [Sergiu Gatlan, Bleeping Computer]
- Apple addressed actively exploited zero-day flaws in iOS, macOS, and Safari [Pierluigi Paganini, Security Affairs]