Infosec bits for 2024 week 33
Kgwadi Matenche | Aug. 16, 2024, 5:22 p.m.
Cybersecurity News:
Ransomware attack on Indian payment system traced back to Jenkins bug [Jonathan Greig, Recorded Future News]
Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning [Deeba Ahmed, Hackread]
RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks [Ravie Lakshmanan, The Hacker News]
0-Click Outlook Vulnerability Triggered RCE When Email is Opened – Technical Analysis [Balaji N, Cyber Security News]
Vulnerabilities & Patches:
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions [Bill Toulas, Bleeping Computer]
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw [Ryan Naraine, SecurityWeek]
Critical SAP flaw allows remote attackers to bypass authentication [Bill Toulas, Bleeping Computer]
Fortinet, Zoom Patch Multiple Vulnerabilities [Eduard Kovacs, SecurityWeek]
A FreeBSD flaw could allow remote code execution, patch it now! [Pierluigi Paganini, Security Affairs]
Breaches & Leaks:
Hackers Leak 1.4 Billion Tencent User Accounts Online [Waqas, Hackread]
Local gov’ts in Texas, Florida hit with ransomware as cyber leaders question best path forward [Jonathan Greig, Recorded Future News]
AutoCanada discloses cyberattack impacting internal IT systems [Bill Toulas, Bleeping Computer]
Others:
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover [Ravie Lakshmanan, The Hacker News]
GitHub rolls back database change after breaking itself [Chris Williams, The Register]