FUD and Security
-
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC [Ed: It's not "Linux Backdoor"; it's intentional misreporting by a Microsoft-friendly FUD site]
The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling.
-
In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act [Ed: "Bug bounties for Linux kernel exploits" became just "Linux Kernel Exploits" in the headline]
Cybersecurity news that you may have missed this week: Bug bounties for Linux kernel exploits, Cybersecurity Awareness Act, FBI data on BEC losses.
-
Ubuntu 22.10 Kinetic Kudu dies on July 20, upgrade now [Ed: Now "dies", just not officially patched]
Canonical has said Ubuntu 22.10 Kinetic Kudu will reach end of life on July 20.
-
US Energy Dept gets two ransom notices as MOVEit hack claims more victims
The U.S. Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and scientific education facility that were recently hit in a global hacking campaign, a spokesperson said on Friday.
The DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, the New Mexico-based facility for disposal of defense-related radioactive nuclear waste, were hit in the attack, which was first reported on Thursday.
-
Data breach at Public Appointments Service involving 15,000 people
The personal information of 15,471 candidates for public roles has been released in error by the Public Appointments Service (PAS).
A message was sent to the affected candidates through the publicjobs.ie portal notifying the candidates affected their names and jobs alert notifications they had subscribed to may have been provided to other candidates.
-
Healthcare and Public Health Sector Cybersecurity Notification: #TimisoaraHackerTeam Analysis
-
BlackCat claims they hacked Reddit and will leak the data
In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.
We expect to leak the data.
-
2023-06-12 [Older] Fortinet Releases Security Updates for FortiOS and FortiProxy
-
2023-06-13 [Older] Adobe Releases Security Updates for Multiple Products
-
2023-06-13 [Older] Cisco Releases Security Advisories for Multiple Products
-
2023-06-13 [Older] Microsoft Releases June 2023 Security Updates
-
2023-06-15 [Older] Barracuda Networks Releases Update to Address ESG Vulnerability
-
2023-06-15 [Older] CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities
-
2023-06-15 [Older] CISA Releases Fourteen Industrial Control Systems Advisories
-
2023-06-15 [Older] SUBNET PowerSYSTEM Center
-
2023-06-15 [Older] Advantech WebAccess/SCADA
-
2023-06-15 [Older] Siemens SIMOTION
-
2023-06-15 [Older] Siemens SIMATIC WinCC
-
2023-06-15 [Older] Siemens SIMATIC WinCC V7
-
2023-06-15 [Older] Siemens SIMATIC STEP 7 and Derived Products
-
2023-06-15 [Older] Siemens Solid Edge
-
2023-06-15 [Older] Siemens SIMATIC S7-1500 TM MFP BIOS
-
2023-06-15 [Older] Siemens SINAMICS Medium Voltage Products
-
2023-06-15 [Older] Siemens SICAM A8000 Devices
-
2023-06-14 [Older] CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
-
2023-06-13 [Older] CISA Adds One Known Exploited Vulnerability to Catalog
-
2023-06-13 [Older] CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces
-
2023-06-13 [Older] CISA Releases Four Industrial Control Systems Advisories
-
2023-06-13 [Older] Fortinet Releases June 2023 Vulnerability Advisories
-
2023-06-13 [Older] Datalogics Library Third-Party
-
2023-06-13 [Older] Rockwell Automation FactoryTalk Services Platform
-
2023-06-13 [Older] Rockwell Automation FactoryTalk Edge Gateway
-
2023-06-13 [Older] Rockwell Automation FactoryTalk Transaction Manager
-
2023-06-15 [Older] Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability