Infosec bits for 2024 week 23

Maajied Moos | June 10, 2024, 8:07 a.m.

Cybersecurity News:

  • Perfecting the Proactive Security Playbook [Nabil Hannan, Dark Reading]
  • The murky world of password leaks – and how to check if you’ve been hit [Márk Szabó, We Live Security]

Vulnerabilities & Patches:

  • These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required) [Liv Matan, Tenable]
  • Exploit for critical Progress Telerik auth bypass released, patch now [Bill Toulas, Bleeping Computer]
  • Zyxel issues emergency RCE patch for end-of-life NAS devices [Bill Toulas, Bleeping Computer]
  • TikTok warns of exploit aimed at 'high-profile accounts' [Jonathan Greig, The Record]
  • 37 Vulnerabilities Patched in Android [Ionut Arghire, Security Week]
  • CISCO ADDRESSED WEBEX FLAWS USED TO COMPROMISE GERMAN GOVERNMENT MEETINGS [Pierluigi Paganini, Security Affairs]

Breaches & Leaks:

  • Ticketmaster confirms massive breach after stolen data for sale online [Lawrence Abrams, Bleeping Computer]
  • CROOKS STOLE MORE THAN $300M WORTH OF BITCOIN FROM THE EXCHANGE DMM BITCOIN [Pierluigi Paganini, Security Affairs]

Others:

  • CRITICAL APACHE LOG4J2 FLAW STILL THREATENS GLOBAL FINANCE [Pierluigi Paganini, Security Affairs]
  • NethSecurity: Open-source Linux firewall [Mirko Zorz, Help Net Security]

Malware:

  • How to tell if a VPN app added your Windows device to a botnet [Pieter Arntz, Malwarebytes Labs]
  • WhatsApp cryptocurrency scam goes for the cash prize [Pieter Arntz, Malwarebytes Labs]
  • 'Fog' Ransomware Rolls in to Target Education, Recreation Sectors [Nate Nelson, Dark Reading]
  • Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) [ryushsh, ASEC]
  • Attacks Targeting MS-SQL Servers Detected by AhnLab EDR [Sanseo, ASEC]