InfoSec News 20240321
Top News
-
White Hat Hackers Find Flaws in Tesla, Chrome, Safari, Windows 11 Software
"Ethical hackers have found exploits in Tesla's software as well as in major web browsers like Apple's Safari, Google Chrome, and Microsoft Edge Wednesday, earning them thousands of dollars each in the ongoing "Pwn2Own" hackathon."
TLP1 : Green
-
GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws
"GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues."
TLP1 : Green
-
New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems
"A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
North Korean-backed hacking group Kimsuky changes tactics
"Rapid7 Labs has been tracking the threat actor for some time, and has tracked its evolution from first using malicious ISO files and Office documents to gain initial network access to using .LNK files at the beginning of last year."
TLP1 : Green
-
US government warns states of hacking attempts on water systems
"Disabling cyberattacks are being launched against water and wastewater systems throughout the United States, the government warned."
TLP1 : Green
-
U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign
"The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Major Kate Middleton security 'breach' as hospital staff 'attempted to view private medical records'
"Bosses have launched a probe into claims Kate’s confidentiality was breached while she was a patient in The London Clinic in January - with at least one member of staff said to have been caught trying to access her notes"
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
"Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction."
TLP1 : Green
-
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability
"Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
"In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes
"This post-exploitation keylogger will covertly exfiltrate keystrokes to a server.
These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunnelling/exfiltration to bypass firewalls and avoid detection."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.