Infosec bits for 2024 week 33

Kgwadi Matenche | Aug. 16, 2024, 5:22 p.m.

Cybersecurity News:

Ransomware attack on Indian payment system traced back to Jenkins bug [Jonathan Greig, Recorded Future News]

Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning [Deeba Ahmed, Hackread]

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks [Ravie Lakshmanan, The Hacker News]

0-Click Outlook Vulnerability Triggered RCE When Email is Opened – Technical Analysis [Balaji N, Cyber Security News]

Vulnerabilities & Patches:

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions [Bill Toulas, Bleeping Computer]

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw [Ryan Naraine, SecurityWeek]

Critical SAP flaw allows remote attackers to bypass authentication [Bill Toulas, Bleeping Computer]

Fortinet, Zoom Patch Multiple Vulnerabilities [Eduard Kovacs, SecurityWeek]

A FreeBSD flaw could allow remote code execution, patch it now! [Pierluigi Paganini, Security Affairs]

Breaches & Leaks:

Hackers Leak 1.4 Billion Tencent User Accounts Online [Waqas, Hackread]

Local gov’ts in Texas, Florida hit with ransomware as cyber leaders question best path forward [Jonathan Greig, Recorded Future News]

AutoCanada discloses cyberattack impacting internal IT systems [Bill Toulas, Bleeping Computer]

Others:

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover [Ravie Lakshmanan, The Hacker News]

GitHub rolls back database change after breaking itself [Chris Williams, The Register]