Infosec bits for 2024 week 42

Kgwadi Matenche | Oct. 18, 2024, 3:54 p.m.

Cybersecurity News:

Microsoft warns it lost some customer's security logs for a month [Lawrence Abrams, Bleeping Computer]

UK: NCSC Offers Education Organizations Free Cyber Services [Kevin Poireault, Infosecurity Magazine]

New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users [Deeba Ahmed, HackRead]

Iranian Hackers Using Brute Force on Critical Infrastructure [Chris Riotta, BankInfoSecurity]

Vulnerabilities & Patches:

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters [Ionut Arghire, SecurityWeek]

Critical Kubernetes Image Builder flaw gives SSH root access to VMs [Bill Toulas, Bleeping Computer]

VMware Patches High-Severity SQL Injection Flaw in HCX Platform [Ryan Naraine, SecurityWeek]

Breaches & Leaks:

BianLian ransomware claims attack on Boston Children's Health Physicians [Bill Toulas, Bleeping Computer]

Fortinet Confirms Customer Data Breach via Third Party [Jai Vijayan, Dark Reading]

Insurance giant Globe Life facing extortion attempts after data theft from subsidiary [Jonathan Greig, Recorded Future News]

Others:

Apple Releases Draft Ballot to Shorten Certificate Lifespan to 45 Days [Sectigo Team, Sectigo]

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites [Ravie Lakshmanan, The Hacker News]

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access [Ravie Lakshmanan, The Hacker News]