Infosec bits for 2024 week 23

Maajied Moos | June 10, 2024, 8:07 a.m.

Cybersecurity News:

Perfecting the Proactive Security Playbook [Nabil Hannan, Dark Reading]

The murky world of password leaks – and how to check if you’ve been hit [Márk Szabó, We Live Security]

Vulnerabilities & Patches:

These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required) [Liv Matan, Tenable]

Exploit for critical Progress Telerik auth bypass released, patch now [Bill Toulas, Bleeping Computer]

Zyxel issues emergency RCE patch for end-of-life NAS devices [Bill Toulas, Bleeping Computer]

TikTok warns of exploit aimed at 'high-profile accounts' [Jonathan Greig, The Record]

37 Vulnerabilities Patched in Android [Ionut Arghire, Security Week]

CISCO ADDRESSED WEBEX FLAWS USED TO COMPROMISE GERMAN GOVERNMENT MEETINGS [Pierluigi Paganini, Security Affairs]

Breaches & Leaks:

Ticketmaster confirms massive breach after stolen data for sale online [Lawrence Abrams, Bleeping Computer]

CROOKS STOLE MORE THAN $300M WORTH OF BITCOIN FROM THE EXCHANGE DMM BITCOIN [Pierluigi Paganini, Security Affairs]

Others:

CRITICAL APACHE LOG4J2 FLAW STILL THREATENS GLOBAL FINANCE [Pierluigi Paganini, Security Affairs]

NethSecurity: Open-source Linux firewall [Mirko Zorz, Help Net Security]

Malware:

How to tell if a VPN app added your Windows device to a botnet [Pieter Arntz, Malwarebytes Labs]

WhatsApp cryptocurrency scam goes for the cash prize [Pieter Arntz, Malwarebytes Labs]

Fog' Ransomware Rolls in to Target Education, Recreation Sectors [Nate Nelson, Dark Reading]

Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) [ryushsh, ASEC]

Attacks Targeting MS-SQL Servers Detected by AhnLab EDR [Sanseo, ASEC]