Security Leftovers
-
SANS ☛ Apple Patches Exploited WebKit Vulnerabilities in iOS/iPadOS/macOS, (Thu, Nov 30th)
Apple today released patches for two WebKit vulnerabilities affecting macOS, iPadOS and iOS. I would expect standalone Safari updates for older macOS versions in the future. At this point, only the most recent operating system versions received patches.
-
Silicon Angle ☛ Dollar Tree employee data compromised in third-party provider breach
Information relating to nearly 2 million current and former employees of discount variety store company Dollar Tree Inc. has been stolen following a breach at a third-party provider.
-
Security Week ☛ Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals
ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree.
-
Scoop News Group ☛ Anti-Israel hacking campaign highlights danger of internet-connected devices [Ed: The real issue here is Windows, not the nations that break in or why]
The Iran-linked Cyber Av3ngers hacking crew has targeted water facilities in Pennsylvania and elsewhere in the United States.
-
Security Week ☛ Palo Alto Networks Unveils New Rugged Firewall for Industrial Environments [Ed: This seems more like sponsored veiled spam disguised as information]
Palo Alto Networks has launched a new rugged firewall for industrial environments and announced several OT security improvements.
-
Federal News Network ☛ An industry perspective on CISA’s latest plan to get more software security assurances from vendors [Ed: Microsoft CISA?]
Starting sometime next year, companies that want to sell software to the government will need to sign new attestations – certifying that they have taken certain steps to make sure their software is secure. Earlier this month, the Cybersecurity and Infrastructure Security Agency released its latest draft of the form companies will need to submit. One of the biggest changes is that the attestations will have to be signed by a company’s CEO. But there are several other updates, too. For more on them and an industry perspective, Federal News Network Deputy Editor Jared Serbu talked with Leopold Wildenauer, the Senior Manager for Public Sector Policy at the Information Technology Industry Council.
-
Security Week ☛ Qlik Sense Vulnerabilities Exploited in Ransomware Attacks
Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 have been exploited for initial access in Cactus ransomware attacks.
-
Silicon Angle ☛ Proton adds new Sentinel protective feature to its password manager
Proton AG, the Swiss security firm notable for its end-to-end encrypted email offering, today announced an enhancement to its Pass password manager software called Sentinel. The feature prevents attackers from getting access to users’ data even if they have stolen Proton account credentials.
-
Security Week ☛ Black Basta Ransomware Group Received Over $100 Million From 90 Victims [Ed: Windows TCO]
The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments.
-
Pen Test Partners ☛ OPSEC failures when threat hunting
Over the last few years I’ve carried out a lot of phishing, and have some interesting observations on how organisations respond.