Infosec bits for 2024 week 7

Sicelo Ncekana | Feb. 16, 2024, 4:52 p.m.

Cybersecurity news:

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages [Biz Community, Biz Community]

First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts [Anthony Spadafora, Tom's Guide]

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive [Kevin Townsend, Security Week]

Hackers push USB malware payloads via news, media hosting sites [Bill Toulas, Bleeping Computer]

New Qbot malware variant uses fake Adobe installer popup for evasion [Bill Toulas, Bleeping Computer]

[]

Vulnerabilities & Patches:

New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks [Eduard Kovacs, Security Week]

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages [Newsroom, The Hacker News]

Zoom patches critical privilege elevation flaw in Windows apps [Bill Toulas, Bleeping Computer]

AMD discloses slew of high severity security vulnerabilities that attacks BIOS chips on Zen systems — updates aren't available for all chips, finally a fix Zenbleed [Matthew Connatser, Tom's Hardware]

Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug [Jai Vijayan, Dark Reading]

Attackers hit more networking gear, this time a critical Fortinet CVE [Matt Kapko, Cybersecurity Dive]

[]

Hacks & Breaches:

Bank of America Customer Data Stolen in Data Breach [Ionut Arghire, Security Week]

Facebook Marketplace users’ stolen data offered for sale [Pieter Arntz, Malwarebytes Labs]

Bank of America Customers at Risk After Data Breach - Infosecurity Magazine (infosecurity-magazine.com) [Alessandro Mascellino, Infosecurity]