1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 5

Kgwadi Matenche | Feb. 2, 2024, 3:19 p.m.

Cybersecurity News:

  • CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday, [Sergiu Gatlan, Bleeping Computer]
  • Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities [Newsroom, The Hacker News]
  • New Windows Event Log zero-day flaw gets unofficial patches [Sergiu Gatlan, Bleeping Computer]
  • Ukraine’s prisoners of war agency hit by cyberattack [Daryna Antoniuk, Recorded Future News]
  • Vulnerabilities & Patches:

  • 2nd critical GitLab patch of 2024 fixes arbitrary file writing bug [Laura French, SC Media]
  • Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! [Newsroom, The Hacker News]
  • Breaches & Leaks:

  • Georgia’s largest county confirms cyberattack causing widespread issues [Jonathan Greig, Recorded Future News]
  • HP Enterprise blames hacking on same Russian group behind Microsoft breach [Bloomberg, MyBroadband]
  • Malware:

  • Microsoft Teams phishing pushes DarkGate malware via group chats [Sergiu Gatlan, Bleeping Computer]
  • Others:

  • Tor Code Audit Finds 17 Vulnerabilities [Eduard Kovacs, Security Week]
  • Free ransomware recovery tool White Phoenix now has a web version [Help Net Security]