1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 10

Heloise Meyer | March 8, 2024, 12:54 p.m.

Cybersecurity News:

  • The Rise of Social Engineering Fraud in Business Email Compromise [Microsoft Security, DarkReading]
  • South Africa’s official companies database hacked [Hanno Labuschagne, MyBroadband]
  • SA’s government departments are sitting ducks for cyber attacks [Liesl Peyper, Moneyweb]
  • ISPA provides update on SA cyber security [cajnews, CAJ News Africa]
  • Cyberattacks and Data Breaches:

  • Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks [Newsroom, The Hacker News]
  • QEMU Emulator Exploited as Tunneling Tool to Breach Company Network [Newsroom, The Hacker News]
  • American Express credit cards exposed in third-party data breach [Lawrence Abrams, BleepingComputer]
  • Vulnerabilities & Patches:

  • Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws [Newsroom, The Hacker News]
  • VMware Patches Critical ESXi Sandbox Escape Flaws [Ryan Naraine, SecurityWeek]
  • Malware:

  • New Python-Based Snake Info Stealer Spreading Through Facebook Messages [Newsroom, The Hacker News]
  • Tools:

  • PyRIT: Open-source framework to find risks in generative AI systems [Mirko Zorz, Help Net Security]
  • Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses [David González Cuautle, ESET]
  • RiskInDroid: Open-source risk analysis of Android apps [Mirko Zorz, Help Net Security]