Infosec bits for 2024 week 32
Maajied Moos | Aug. 8, 2024, 3:43 p.m.
Cybersecurity News:
Implementing Identity Continuity With the NIST Cybersecurity Framework [Eric Olden, Dark Reading]
The role of AI in cybersecurity operations [Edward Wu, Help Net Security]
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise [Help Net Security, Help Net Security]
Vulnerabilities & Patches:
Linux kernel impacted by new SLUBStick cross-cache attack [Bill Toulas, Bleeping Computer]
SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability [Hasib Vhora, Sonic Wall]
Researchers Uncover Flaws in Windows Smart App Control and SmartScreen [Ravie Lakshmanan, The Hacker News]
Google fixes Android kernel zero-day exploited in targeted attacks [Sergiu Gatlan, Bleeping Computer]
Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold [Security News, Sonic Wall]
Chrome, Firefox Updates Patch Serious Vulnerabilities [Eduard Kovacs, Security Week]
Malware:
New BlankBot Android Trojan Can Steal User Data [Ionut Arghire, Security Week]
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication [Ravie Lakshmanan, The Hacker News]
Surge in Magniber ransomware attacks impact home users worldwide [Lawrence Abrams, Bleeping Computer]
Beware of Fake WinRar Websites: Malware Hosted on GitHub [Security News, Sonic Wall]
Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets [Jessica Lyons, The Register]
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry [Ravie Lakshmanan, The Hacker News]
Breaches & Leaks:
Keytronic reports losses of over $17 million after ransomware attack [Sergiu Gatlan, Bleeping Computer]
New Tooloing:
RustScan: Open-source port scanner [Help Net Security, Help Net Security]