Infosec bits for 2023 week 35
Sicelo Ncekana | Aug. 30, 2024, 2:48 p.m.
Cybersecurity News:
Top Travel Sites Have Some First-Class Security Issues to Clean Up [Elizabeth Montalbano, Dark Reading]
BlackByte Adopts New Tactics, Targets ESXi Hypervisors [Alessandro Mascellino, Infosecurity Magazine]
Ransomware Attacks Exposed 6.7 Million Records in US Schools [Imran Rasheed, Imran Rasheed]
Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs [David Jones, Cybersecurity Dive]
Vulnerabilities & Patches:
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns [Ravie Lakshmanan, The Hacker News]
Exploited: CISA Highlights Apache OFBiz Flaw After PoC Emerges [Kristina Beek, Dark Reading]
Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE [Do Son, ]
Unpatchable 0-day in surveillance cam is being exploited to install Mirai [Dan Goodin, Ars Technica]
Malware:
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises [Bill Toulas, Bleeping Computer]
Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules [Zachary Reichert, Aon]
New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data [WAQAS, Hack Read]
Attack tool update impairs Windows computers [Andreas Klopsch, Sophos News]
New Tickler malware used to backdoor US govt, defense orgs [Sergiu Gatlan, Bleeping Computer]
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras [Bill Toulas, Bleeping Computer]
Breaches & Leaks:
Popular South African online store hit by data breach [Myles Illidge, MyBroadband]
Durex India’s Security Lapse Reveals Personal Data of Customers [Krishna Murthy, Cyber Express]
Other:
VirusTotal for Threat Research: A Detailed Guide Released – 2024 [Balaji N, Cybersecurity News]
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals [The Hacker News, The Hacker News]