Infosec bits for 2024 week 21

Heloise Meyer | May 24, 2024, 12:19 p.m.

Cybersecurity News:

  • New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts [Newsroom, The Hacker News]
  • Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report [Kevin Townsend, SecurityWeek]
  • Hacker shows how to steal someone’s payment card details and buy a tank of petrol [Jan Vermeulen, MyBroadband]
  • Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses [Newsroom, The Hacker News]
  • Why We Need to Get a Handle on AI [Marc Solomon, SecurityWeek]

Vulnerabilities & Patches:

  • Chrome 125 Update Patches High-Severity Vulnerabilities [Ionut Arghire, SecurityWeek]
  • WordPress Unauthenticated Arbitrary SQL Execution Vulnerability [Security News, SonicWall]
  • High-severity GitLab flaw lets attackers take over accounts [Sergiu Gatlan, BleepingComputer]
  • Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox [Newsroom, The Hacker News]
  • Veeam warns of critical Backup Enterprise Manager auth bypass bug [Sergiu Gatlan, BleepingComputer]

Cyber Attacks & Data Breaches:

  • OmniVision Says Personal Information Stolen in Ransomware Attack [Ionut Arghire, SecurityWeek]
  • MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks [Newsroom, The Hacker News]
  • Ongoing Malvertising Campaign leads to Ransomware [Tyler McGraw, Rapid7]
  • Beware of HTML Masquerading as PDF Viewer Login Pages [Hassan Faizan, Forcepoint]
  • Report Reveals 341% Rise in Advanced Phishing Attacks [Alessandro Mascellino, Infosecurity Magazine]

Tooling:

  • Grafana: Open-source data visualization platform [Mirko Zorz, Help Net Security]