1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 10

Heloise Meyer | March 8, 2024, 12:54 p.m.

Cybersecurity News:

  • The Rise of Social Engineering Fraud in Business Email Compromise [Microsoft Security, DarkReading]
  • South Africa’s official companies database hacked [Hanno Labuschagne, MyBroadband]
  • SA’s government departments are sitting ducks for cyber attacks [Liesl Peyper, Moneyweb]
  • ISPA provides update on SA cyber security [cajnews, CAJ News Africa]

    • Cyberattacks and Data Breaches:

  • Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks [Newsroom, The Hacker News]
  • QEMU Emulator Exploited as Tunneling Tool to Breach Company Network [Newsroom, The Hacker News]
  • American Express credit cards exposed in third-party data breach [Lawrence Abrams, BleepingComputer]

    • Vulnerabilities & Patches:

  • Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws [Newsroom, The Hacker News]
  • VMware Patches Critical ESXi Sandbox Escape Flaws [Ryan Naraine, SecurityWeek]

    • Malware:

  • New Python-Based Snake Info Stealer Spreading Through Facebook Messages [Newsroom, The Hacker News]

    • Tools:

  • PyRIT: Open-source framework to find risks in generative AI systems [Mirko Zorz, Help Net Security]
  • Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses [David González Cuautle, ESET]
  • RiskInDroid: Open-source risk analysis of Android apps [Mirko Zorz, Help Net Security]

    • Contact Us:

    csirt {at} sanren.ac.za

    CSIRT:

    0x898215F56081EBEB

    Heloise:

    0xD367253D12C5BBBC

    Kgwadi:

    0xDD7E5C2E539972EB

    Sicelo:

    0x2346D2ACE7F536B6

    Maajied:

    0xEE9BE86AD16D89C2