InfoSec News 20250404

  • Published: Fri, 04/04/2025 - 13:43

Top News


  • Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

"Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials."

Link

TLP1 : Green

  • Nearly 600 Phishing Domains Emerge Following Bybit Heist

"A large number of phishing campaigns emerged in the aftermath of the Bybit heist, designed to siphon cryptocurrency from its customers, according to BforeAI."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • For flux sake: CISA, annexable allies warn of hot DNS threat

"Shape shifting technique described as menace to national security"

Link

TLP1 : Green

  • CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

"The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Australian Pension Funds Hacked

"In a significant cybersecurity incident, several major Australian pension funds have confirmed they were targeted in a coordinated hacking campaign that compromised thousands of customer accounts."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

"A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances."

Link

TLP1 : Green

  • OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code

"OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to crash servers and potentially execute remote code under certain conditions."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Lifetime cybersecurity training with InfoSec4TC is now $70 in this deal

"Let’s face it: Cybersecurity is a field where standing still often means falling behind. Threats evolve fast, and employers constantly seek candidates with up-to-date skills and certifications. But that doesn’t mean prep materials should have to cost you a fortune."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • OH-MY-DC: OIDC Misconfigurations in CI/CD

"In the course of investigating the use of OpenID Connect (OIDC) within continuous integration and continuous deployment (CI/CD) environments, Unit 42 researchers discovered problematic patterns and implementations that could be leveraged by threat actors to gain access to restricted resources. One instance of such an implementation was identified in CircleCI’s OIDC."

Link

TLP1 : Green

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp