Infosec bits for 2024 week 48
Kgwadi Matenche | Dec. 3, 2024, 2:59 p.m.
Cybersecurity News:
New Windows Server 2012 zero-day gets free, unofficial patches [Sergiu Gatlan, Bleeping Computer]
Phishing-as-a-Service 'Rockstar 2FA' Targets Microsoft 365 Users with AiTM Attacks [Ravie Lakshmanan, The Hacker News]
UK Justice System Failing Cybercrime Victims, Cyber Helpline Finds [James Coker, Infosecurity Magazine]
VPN vulnerabilities, weak credentials fuel ransomware attacks [Help Net Security]
Over 1,000 arrested in massive 'Serengeti' anti-cybercrime operation [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
Zabbix urges upgrades after critical SQL injection bug disclosure [Connor Jones, The Register]
Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites [Ionut Arghire, SecurityWeek]
Russia-aligned RomCom hackers exploited Firefox and Windows zero-days [Recorded Future News]
Breaches & Leaks:
Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' [Bill Toulas, Bleeping Computer]
Propertyrec Leak Exposes Over Half a Million Background Check Records [Deeba Ahmed, HackRead]
Others:
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks [Ravie Lakshmanan, The Hacker News]
Ransom gang claims attack on NHS Alder Hey Children's Hospital [Connor Jones, The Register]
Firefox and Windows zero-days exploited by Russian RomCom hackers [Sergiu Gatlan, Bleeping Computer]
Hackers who infiltrated South African financial system reveal data for a large number of people [Jan Vermeulen, MyBroadband]