Infosec bits for 2024 week 32

Maajied Moos | Aug. 8, 2024, 3:43 p.m.

Cybersecurity News:

Implementing Identity Continuity With the NIST Cybersecurity Framework [Eric Olden, Dark Reading]

The role of AI in cybersecurity operations [Edward Wu, Help Net Security]

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise [Help Net Security, Help Net Security]

Vulnerabilities & Patches:

Linux kernel impacted by new SLUBStick cross-cache attack [Bill Toulas, Bleeping Computer]

SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability [Hasib Vhora, Sonic Wall]

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen [Ravie Lakshmanan, The Hacker News]

Google fixes Android kernel zero-day exploited in targeted attacks [Sergiu Gatlan, Bleeping Computer]

Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold [Security News, Sonic Wall]

Chrome, Firefox Updates Patch Serious Vulnerabilities [Eduard Kovacs, Security Week]

Malware:

New BlankBot Android Trojan Can Steal User Data [Ionut Arghire, Security Week]

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication [Ravie Lakshmanan, The Hacker News]

Surge in Magniber ransomware attacks impact home users worldwide [Lawrence Abrams, Bleeping Computer]

Beware of Fake WinRar Websites: Malware Hosted on GitHub [Security News, Sonic Wall]

Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets [Jessica Lyons, The Register]

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry [Ravie Lakshmanan, The Hacker News]

Breaches & Leaks:

Keytronic reports losses of over $17 million after ransomware attack [Sergiu Gatlan, Bleeping Computer]

New Tooloing:

RustScan: Open-source port scanner [Help Net Security, Help Net Security]