Infosec bits for 2024 week 8

Maajied Moos | Feb. 26, 2024, 8:03 a.m.

Cybersecurity news:

SolarWinds fixes critical RCE bugs in access rights audit solution [Edge Editors, Dark Reading]

Cyber threats cast shadow over 2024 elections [Help Net Security, Help Net Security]

Clean links and sophisticated scams mark new era in email attacks [Help Net Security, Help Net Security]

Watching out for the fakes: How to spot online disinformation [Márk Szabó, We Live Security]

Vulnerabilities & Patches:

Eight Vulnerabilities Disclosed in the AI Development Supply Chain [Kevin Townsend, Security Week]

SolarWinds fixes critical RCE bugs in access rights audit solution [Sergiu Gatlan, Bleeping Computer]

Over 28,500 Exchange servers vulnerable to actively exploited bug [Bill Toulas, Bleeping Computer]

Hackers exploit critical RCE flaw in Bricks WordPress site builder [Bill Toulas, Bleeping Computer]

VMware client plug-in has critical vulnerability [Richard Chirgwin, IT News]

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities [Ionut Arghire, Security Week]

Critical ConnectWise RMM Bug Poised for Exploitation Avalanche [Tara Seals, Dark Reading]

Hacks & Breaches:

ALPHV ransomware claims loanDepot, Prudential Financial breaches [Sergiu Gatlan, Bleeping Computer]

Chinese Hacking Contractor iSoon Leaks Internal Documents [Akshaya Asokan, David Perera, Bank Info Security]

Malware:

Alpha ransomware linked to NetWalker operation dismantled in 2021 [Bill Toulas, Bleeping Computer]

Iran Warship Aiding Houthi Pirates Hacked by US [Dark Reading Staff, Dark Reading]

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices [Newsroom, The Hacker News]

LockBit ransomware gang disrupted by global operation [Simon Sharwood, The Register]

Top UK Universities Recovering Following Targeted DDoS Attack [James Coker, InfoSecurity Magazine]