1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 7

Sicelo Ncekana | Feb. 16, 2024, 4:52 p.m.

Cybersecurity news:

  • Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages [Biz Community, Biz Community]
  • First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts [Anthony Spadafora, Tom's Guide]
  • Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive [Kevin Townsend, Security Week]
  • Hackers push USB malware payloads via news, media hosting sites [Bill Toulas, Bleeping Computer]
  • New Qbot malware variant uses fake Adobe installer popup for evasion [Bill Toulas, Bleeping Computer]
  • []
  • Vulnerabilities & Patches:

  • New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks [Eduard Kovacs, Security Week]
  • Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages [Newsroom, The Hacker News]
  • Zoom patches critical privilege elevation flaw in Windows apps [Bill Toulas, Bleeping Computer]
  • AMD discloses slew of high severity security vulnerabilities that attacks BIOS chips on Zen systems — updates aren't available for all chips, finally a fix Zenbleed [Matthew Connatser, Tom's Hardware]
  • Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug [Jai Vijayan, Dark Reading]
  • Attackers hit more networking gear, this time a critical Fortinet CVE [Matt Kapko, Cybersecurity Dive]
  • []
  • Hacks & Breaches:

  • Bank of America Customer Data Stolen in Data Breach [Ionut Arghire, Security Week]
  • Facebook Marketplace users’ stolen data offered for sale [Pieter Arntz, Malwarebytes Labs]
  • Bank of America Customers at Risk After Data Breach - Infosecurity Magazine (infosecurity-magazine.com) [Alessandro Mascellino, Infosecurity]