Infosec bits for 2024 week 41
Heloise Meyer | Oct. 11, 2024, 3:03 p.m.
Cybersecurity News:
Internet History Hacked, Wayback Machine Down—31 Million Passwords Stolen [Davey Winder, Forbes]
CSIR lifts lid on South Africa’s dire security posture [Simnikiwe Mzekandaba, ITWeb]
Password Security:
How Hybrid Password Attacks Work and How to Defend Against Them [The Hacker News, The Hacker News]
What NIST’s latest password standards mean, and why the old ones weren’t working [Jonathan Munshaw, Talos Intelligence Blog]
Cyber Attacks:
OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks [Eduard Kovacs, SecurityWeek]
Cybercriminals capitalize on poorly configured cloud environments [Help Net Security, Help Net Security]
Hackers Hide Remcos RAT in GitHub Repository Comments [Jai Vijayan, DarkReading]
Vulnerabilities & Patches:
5 Zero-Days in Microsoft's October Update to Patch Immediately [Jai Vijayan, DarkReading]
GitLab warns of critical arbitrary branch pipeline execution flaw [Bill Toulas, BleepingComputer]
Recent Veeam Vulnerability Exploited in Ransomware Attacks [Ionut Arghire, SecurityWeek]
Firefox Zero-Day Under Attack: Update Your Browser Immediately [Ravie Lakshmanan, The Hacker News]
Adobe Patches Critical Bugs in Commerce and Magento Products [Ryan Naraine, SecurityWeek]
Botnet:
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries [Ravie Lakshmanan, The Hacker News]