1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2023 week 31

Sicelo Ncekana | Aug. 5, 2024, 8:30 a.m.

Cybersecurity News:

  • Ransomware Gangs Exploiting VMware ESXi Auth Bypass Flaw for Mass Attack [Guru Baran, Cybersecurity News]
  • Google enhances Chrome security on Windows with app-bound encryption to fight cookie theft [Paul, AlternativeTo]
  • Microsoft Confirms Global Azure Outage Caused by DDoS Attack [Fiona Jackson, TechRepublic]
  • Vulnerabilities & Patches:

  • Weekly Vulnerability Report: Cyble Urges Fixes in ServiceNow, Outlook, Docker Engine [Paul Shread, The Cyber Express]
  • Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform [Ravie Lakshmanan, The Hacker News]
  • Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks [Guru Baran, Cybersecurity News]
  • Proofpoint Vulnerability Exploited for Phishing Campaign [Anuj Mudaliar, Spiceworks]
  • Malware:

  • Telegram App Flaw Exploited to Spread Malware Hidden in Videos [Ravie Lakshmanan, The Hacker News]
  • Record-Breaking $75 Million Ransom Paid To Dark Angels Gang [Davey Winder, Forbes]
  • Android spyware 'Mandrake' hidden in apps on Google Play since 2022 [Bill Toulas, Bleeping Computer]
  • Google Ads spread Mac malware disguised as popular browser [Kurt Knutsson, Fox News]
  • Walmart Discovers New PowerShell Backdoor Linked to Zloader Malware [James Coker, Infosecurity Magazine]
  • Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread [Ravie Lakshmanan, The Hacker News]
  • StackExchange abused to spread malicious PyPi packages as answers [Bill Toulas, Bleeping Computer]
  • Telegram-Controlled TgRat Trojan Now Targets Linux Servers [WAQAS, Hackread]
  • Breaches & Leaks:

  • 4.3 million people hit in massive healthcare data breach with full names, addresses and SSNs exposed online — what to do now [Tom's guide, Anthony Spadafora]
  • Canada launches investigation into Ticketmaster data breach [Ismail Shakil, XM]
  • Millions more victims exposed in debt collection agency data breach [Sead Fadilpašić, Techrador]