Infosec bits for 2024 week 5
Kgwadi Matenche | Feb. 2, 2024, 3:19 p.m.
Cybersecurity News:
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday, [Sergiu Gatlan, Bleeping Computer]
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities [Newsroom, The Hacker News]
New Windows Event Log zero-day flaw gets unofficial patches [Sergiu Gatlan, Bleeping Computer]
Ukraine’s prisoners of war agency hit by cyberattack [Daryna Antoniuk, Recorded Future News]
Vulnerabilities & Patches:
2nd critical GitLab patch of 2024 fixes arbitrary file writing bug [Laura French, SC Media]
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! [Newsroom, The Hacker News]
Breaches & Leaks:
Georgia’s largest county confirms cyberattack causing widespread issues [Jonathan Greig, Recorded Future News]
HP Enterprise blames hacking on same Russian group behind Microsoft breach [Bloomberg, MyBroadband]
Malware:
Microsoft Teams phishing pushes DarkGate malware via group chats [Sergiu Gatlan, Bleeping Computer]
Others:
Tor Code Audit Finds 17 Vulnerabilities [Eduard Kovacs, Security Week]
Free ransomware recovery tool White Phoenix now has a web version [Help Net Security]