- Vulnerabilities & Patches:
  - SonicWall Patches Critical Vulnerability in SMA Appliances [Eduard Kovacs, SecurityWeek]
  - Google pushes emergency Chrome update to fix two zero-days [Lawrence Abrams, Bleeping Computer]
  - Trend Micro fixes a critical flaw in ServerProtec Solution, patch it now! [Pierluigi Paganini, Security Affairs]
  - Jira Data Center user? Here’s a critical Ehcache vulnerability to spoil your day [Gareth Halfacree, The Register]
- Security News:
  - Thousands of University Wi-Fi Networks Expose Log-In Credentials [Elizabeth Montalbano, Threatpost]
  - Salt Security Finds Widespread Elastic Stack API Security Vulnerability that Exposes Customer and System Data [Dark Reading]
  - This dangerous mobile Trojan has stolen a fortune from over 10 million victims [Charlie Osborne, ZDNet]
  - New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught [Ravie Lakshmanan, The Hacker News]
- Malware:
  - A wolf in sheep’s clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus [Vitor Ventura and Arnaud Zobec, Cisco Talos]
  - FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor [Ramin Nafisi, Microsoft Threat Intelligence Center]
- Breaches & Leaks:
  - JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data [Lawrence Abrams, Bleeping Computer]
  - Storybooks for children app FarFaria exposed data of 3M users [Waqas, HackRead]
- Others:
  - Xero, Slack suffer outages just as Let’s Encrypt root cert expiry downs other websites, services [Chris Williams, The Register]
  - Endpoint Still a Prime Target for Attack [Dark Reading]
  - Facebook open-sources internal tool used to detect security bugs in Android apps [Catalin Cimpanu, The Record]