Security Leftovers

posted by Roy Schestowitz on Jul 12, 2023

• Exploit Code Published for Remote Root Flaw in VMware Logging Software

  VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.

• Apple Ships Urgent iOS Patch for WebKit Zero-Day

  Apple rolls out urgent iOS and iPadOS software updates and warned that zero-day exploitation has already been detected.

• Critical Vulnerability Can Allow Takeover of Mastodon Servers

  A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers.

• Linux VPN Myths Exposed: Separating Fact from Fiction for Enhanced Online Security

  With online privacy and security becoming increasingly critical concerns, VPNs have gained immense popularity recently. Nevertheless, an abundance of false information about this tool for safeguarding online privacy is circulating.

• Hackers stream anti-NATO broadcasts in Lithuania after cyber attacks

  Lithuania's National Cyber Security Centre (NKSC) has recorded two cyber incidents when disinformation was broadcast on a regional radio station and in a shopping centre following a hacking of a music streaming service.

• A Cybersecurity Wish List Ahead of NATO Summit

  Assuming NATO can play a greater part in the cybersecurity of its members, possibly through a more formal NATO Cyber Command, the question then becomes ‘what should we hope for?’

• Apple issues emergency patches to fix 10th zero-day for 2023

  Apple has issued emergency updates to fix zero-days in its iOS, iPadOS and macOS Ventura operating systems, the 10th fix for zero-days being exploited in the wild issued this calendar year.

• Apple Rapid Security Update Patches Three Exploited Vulnerabilities, (Mon, Jul 10th)

• Australian infrastructure firm Ventia breached in online attack

  "Ventia’s operations are continuing. We are maintaining vigilance across our systems. We will not hesitate to take further protective action if required as operations return to normal in the days ahead."

  Ventia operates in both Australia and New Zealand and is one of the bigger essential services providers in the two countries.

  In 2022, it pulled in revenue of $5.1 billion, an increase of 13.4% on the previous calendar year.

• PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability

  PoC exploit has been published for a recently patched Ubiquiti EdgeRouter vulnerability leading to arbitrary code execution.

• Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence

  Industrial giant Honeywell wants to extend its OT cybersecurity portfolio with the acquisition of Israel-based OT/IoT security firm SCADAfence.

• Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack

  Critical infrastructure services provider Ventia has taken some systems offline following a cyberattack.