Infosec bits for 2024 week 23
Maajied Moos | June 10, 2024, 8:07 a.m.
Cybersecurity News:
Perfecting the Proactive Security Playbook [Nabil Hannan, Dark Reading]
The murky world of password leaks – and how to check if you’ve been hit [Márk Szabó, We Live Security]
Vulnerabilities & Patches:
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required) [Liv Matan, Tenable]
Exploit for critical Progress Telerik auth bypass released, patch now [Bill Toulas, Bleeping Computer]
Zyxel issues emergency RCE patch for end-of-life NAS devices [Bill Toulas, Bleeping Computer]
TikTok warns of exploit aimed at 'high-profile accounts' [Jonathan Greig, The Record]
37 Vulnerabilities Patched in Android [Ionut Arghire, Security Week]
CISCO ADDRESSED WEBEX FLAWS USED TO COMPROMISE GERMAN GOVERNMENT MEETINGS [Pierluigi Paganini, Security Affairs]
Breaches & Leaks:
Ticketmaster confirms massive breach after stolen data for sale online [Lawrence Abrams, Bleeping Computer]
CROOKS STOLE MORE THAN $300M WORTH OF BITCOIN FROM THE EXCHANGE DMM BITCOIN [Pierluigi Paganini, Security Affairs]
Others:
CRITICAL APACHE LOG4J2 FLAW STILL THREATENS GLOBAL FINANCE [Pierluigi Paganini, Security Affairs]
NethSecurity: Open-source Linux firewall [Mirko Zorz, Help Net Security]
Malware:
How to tell if a VPN app added your Windows device to a botnet [Pieter Arntz, Malwarebytes Labs]
WhatsApp cryptocurrency scam goes for the cash prize [Pieter Arntz, Malwarebytes Labs]
'Fog' Ransomware Rolls in to Target Education, Recreation Sectors [Nate Nelson, Dark Reading]
Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) [ryushsh, ASEC]
Attacks Targeting MS-SQL Servers Detected by AhnLab EDR [Sanseo, ASEC]