Infosec bits for 2024 week 8
Maajied Moos | Feb. 26, 2024, 8:03 a.m.
Cybersecurity news:
SolarWinds fixes critical RCE bugs in access rights audit solution [Edge Editors, Dark Reading]
Cyber threats cast shadow over 2024 elections [Help Net Security, Help Net Security]
Clean links and sophisticated scams mark new era in email attacks [Help Net Security, Help Net Security]
Watching out for the fakes: How to spot online disinformation [Márk Szabó, We Live Security]
Vulnerabilities & Patches:
Eight Vulnerabilities Disclosed in the AI Development Supply Chain [Kevin Townsend, Security Week]
SolarWinds fixes critical RCE bugs in access rights audit solution [Sergiu Gatlan, Bleeping Computer]
Over 28,500 Exchange servers vulnerable to actively exploited bug [Bill Toulas, Bleeping Computer]
Hackers exploit critical RCE flaw in Bricks WordPress site builder [Bill Toulas, Bleeping Computer]
VMware client plug-in has critical vulnerability [Richard Chirgwin, IT News]
Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities [Ionut Arghire, Security Week]
Critical ConnectWise RMM Bug Poised for Exploitation Avalanche [Tara Seals, Dark Reading]
Hacks & Breaches:
ALPHV ransomware claims loanDepot, Prudential Financial breaches [Sergiu Gatlan, Bleeping Computer]
Chinese Hacking Contractor iSoon Leaks Internal Documents [Akshaya Asokan, David Perera, Bank Info Security]
Malware:
Alpha ransomware linked to NetWalker operation dismantled in 2021 [Bill Toulas, Bleeping Computer]
Iran Warship Aiding Houthi Pirates Hacked by US [Dark Reading Staff, Dark Reading]
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices [Newsroom, The Hacker News]
LockBit ransomware gang disrupted by global operation [Simon Sharwood, The Register]
Top UK Universities Recovering Following Targeted DDoS Attack [James Coker, InfoSecurity Magazine]