Infosec bits for 2024 week 18

Heloise Meyer | May 3, 2024, 2:03 p.m.

Cybersecurity News:

  • South African firms paid ransomware attackers an average of R17.9 million [Daniel Puchert, MyBroadband]
  • Shadow APIs: An Overlooked Cyber-Risk for Orgs [Jai Vijayan, Dark Reading]
  • AI-driven phishing attacks deceive even the most aware users [Help Net Security, Help Net Security]
  • New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024 [Newsroom, The Hacker News]

Data Breaches & Leaks:

  • Panda Restaurants discloses data breach after corporate systems hack [Sergiu Gatlan, Bleeping Computer]
  • Dropbox says hacker accessed passwords, authentication info during breach [Jonathan Greig, The Record]

Malware:

  • Millions of Malicious Containers Found on Docker Hub [Alessandro Mascellino, Infosecurity Magazine]
  • Cuttlefish malware targets enterprise-grade SOHO routers [Pierluigi Paganini, SecurityAffairs]

Vulnerabilities & Patches:

  • New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw [Newsroom, The Hacker News]
  • HPE Aruba Networking fixes four critical RCE flaws in ArubaOS [Bill Toulas, Bleeping Computer]
  • Billions of Android Devices Open to 'Dirty Stream' Attack [Jai Vijayan, Dark Reading]
  • CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability [Newsroom, The Hacker News]
  • When is One Vulnerability Scanner Not Enough? [The Hacker News, The Hacker News]