Infosec bits for 2024 week 2
Heloise Meyer | Jan. 11, 2024, 11 a.m.
Cybersecurity news:
Insider cyber threats hamper SA firms [Simnikiwe Mzekandaba, ITweb]
Social engineer reveals effective tricks for real-world intrusions [Mirko Zorz, Help Net Security]
There is a Ransomware Armageddon Coming for Us All [The Hacker News, The Hacker News]
If you prepare, a data security incident will not cause an existential crisis [Dan Alam, Help Net Security]
Vulnerabilities & Patches:
Nearly 11 million SSH servers vulnerable to new Terrapin attacks [Bill Toulas, Bleeping Computer]
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability [Newsroom, The Hacker News]
Google Patches Six Vulnerabilities With First Chrome Update of 2024 [Ionut Arghire, Security Week]
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities [Newsroom, The Hacker News]
Malware:
Linux devices are under attack by a never-before-seen worm [Dan Goodin, Ars Technica]
Details of a new, novel advanced malware attack using Microsoft Office [X-Labs Researcher, Forcepoint]
Hacks & Breaches:
China claims it cracked Apple's AirDrop to find numbers, email addresses [Lawrence Abrams, Bleeping Computer]
Entire population of Brazil possibly exposed in massive data leak [Paulina Okunytė, Cybernews]
Framework discloses data breach after accountant gets phished [Sergiu Gatlan, Bleeping Computer]