1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 30

Heloise Meyer | July 26, 2024, 4:49 p.m.

Cybersecurity News:

  • Phish-Friendly Domain Registry “.top” Put on Notice [Brian Krebs, KrebsonSecurity]
  • QR Codes: Convenience or Cyberthreat? [Sara Atie, Trend Micro]
  • Unexpected Lessons Learned From the CrowdStrike Event [Chip Stewart, Dark Reading]
  • CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices [Newsroom, The Hacker News]
  • Beyond the blue screen of death: Why software updates matter [The Editor, We Live Security]
  • Vulnerabilities & Patches:

  • ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions [Liv Matan, Tenable]
  • Docker fixes critical 5-year old authentication bypass flaw [Bill Toulas, BleepingComputer]
  • Chrome 127 Patches 24 Vulnerabilities [Ionut Arghire, SecurityWeek]
  • Data Breaches & Attacks:

  • Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware [Zack Whittaker, Tech Crunch]
  • Threat Actors Use Telegram APIs for Harvesting Credentials [Hassan Faizan, Forcepoint]
  • Novel ICS Malware Sabotaged Water-Heating Services in Ukraine [Jai Vijayan, Dark Reading]
  • Tooling:

  • Shuffle Automation: Open-source security automation platform [Mirko Zorz, Help Net Security]
  • Microsoft releases Windows repair tool to remove CrowdStrike driver [Lawrence Abrams, BleepingComputer]