Infosec bits for 2024 week 10
Heloise Meyer | March 8, 2024, 12:54 p.m.
Cybersecurity News:
The Rise of Social Engineering Fraud in Business Email Compromise [Microsoft Security, DarkReading]
South Africa’s official companies database hacked [Hanno Labuschagne, MyBroadband]
SA’s government departments are sitting ducks for cyber attacks [Liesl Peyper, Moneyweb]
ISPA provides update on SA cyber security [cajnews, CAJ News Africa]
Cyberattacks and Data Breaches:
Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks [Newsroom, The Hacker News]
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network [Newsroom, The Hacker News]
American Express credit cards exposed in third-party data breach [Lawrence Abrams, BleepingComputer]
Vulnerabilities & Patches:
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws [Newsroom, The Hacker News]
VMware Patches Critical ESXi Sandbox Escape Flaws [Ryan Naraine, SecurityWeek]
Malware:
New Python-Based Snake Info Stealer Spreading Through Facebook Messages [Newsroom, The Hacker News]
Tools:
PyRIT: Open-source framework to find risks in generative AI systems [Mirko Zorz, Help Net Security]
Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses [David González Cuautle, ESET]
RiskInDroid: Open-source risk analysis of Android apps [Mirko Zorz, Help Net Security]