Infosec bits for 2024 week 7
Sicelo Ncekana | Feb. 16, 2024, 4:52 p.m.
Cybersecurity news:
Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages [Biz Community, Biz Community]
First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts [Anthony Spadafora, Tom's Guide]
Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive [Kevin Townsend, Security Week]
Hackers push USB malware payloads via news, media hosting sites [Bill Toulas, Bleeping Computer]
New Qbot malware variant uses fake Adobe installer popup for evasion [Bill Toulas, Bleeping Computer]
[]
Vulnerabilities & Patches:
New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks [Eduard Kovacs, Security Week]
Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages [Newsroom, The Hacker News]
Zoom patches critical privilege elevation flaw in Windows apps [Bill Toulas, Bleeping Computer]
AMD discloses slew of high severity security vulnerabilities that attacks BIOS chips on Zen systems — updates aren't available for all chips, finally a fix Zenbleed [Matthew Connatser, Tom's Hardware]
Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug [Jai Vijayan, Dark Reading]
Attackers hit more networking gear, this time a critical Fortinet CVE [Matt Kapko, Cybersecurity Dive]
[]
Hacks & Breaches:
Bank of America Customer Data Stolen in Data Breach [Ionut Arghire, Security Week]
Facebook Marketplace users’ stolen data offered for sale [Pieter Arntz, Malwarebytes Labs]
Bank of America Customers at Risk After Data Breach - Infosecurity Magazine (infosecurity-magazine.com) [Alessandro Mascellino, Infosecurity]