InfoSec News 20240523
Top News
-
More than 70% of surveyed water systems failed to meet EPA cyber standards
"Over 70% of water systems surveyed since last September failed to meet certain EPA security standards, leaving them vulnerable to cyberattacks that could disrupt wastewater and water sanitation systems nationwide, the EPA reported on Monday."
TLP1 : Green
-
Zoom adds 'post-quantum' encryption for video nattering
"To enable E2EE, all meeting participants must join from the Zoom desktop or mobile app. While those hosting a meeting on a free account can use E2EE, they will still need to verify their phone number via an SMS-delivered code."
TLP1 : Green
-
Snapchat Revises AI Privacy Policy Following UK ICO Probe
"Instant messaging app Snapchat its artificial intelligence-powered tool under compliance after the U.K. data regulator said it violated the privacy rights of individual Snapchat users."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown
"ShinyHunters disclosed to Hackread.com their suspicion that Baphomet may have surrendered backend credentials to the FBI, leading to the complete seizure of the forum’s Escrow, both dark web and clearnet domains."
TLP1 : Green
-
ARPA-H Pledges $50M for Hospital IT Security Auto-Patching
"The US government's Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to automate the process of securing hospital IT environments."
TLP1 : Green
-
Cybercriminals are targeting elections in India with influence campaigns
"Resecurity warns of a surge in malicious cyber activity targeting the election in India, orchestrated by several independent hacktivist groups"
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Western Sydney University data breach exposed student data
"Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server
"An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. It impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication."
TLP1 : Green
-
Server Side Credit Card Skimmer Lodged in Obscure Plugin
"There are plenty of widely-used code snippet plugins available but in this case the attackers decided to use a very obscure plugin called Dessky Snippets, with only a few hundred active installations at the time of writing."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Watch on Demand: Threat Detection and Incident Response (TDIR) Summit
"SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit takes place on Wednesday, May 22nd as a fully immersive virtual summit."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Authelia: Open-source authentication and authorization server
"Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.