Security Leftovers

posted by Roy Schestowitz on Jan 27, 2024

• Gizmodo ☛ 2024-01-19 [Older] UC Irvine Students Hospitalized After Hackers Sent Disgusting Images to Their Discord Server

• Seth Michael Larson ☛ 2024-01-17 [Older] Defending against the PyTorch supply chain attack PoC

• CISA ☛ 2024-01-25 [Older] Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products

• CISA ☛ 2024-01-24 [Older] Mozilla Releases Security Updates for Thunderbird and Firefox

• CISA ☛ 2024-01-23 [Older] Apple Releases Security Updates for Multiple Products

• RIPE ☛ 2024-01-23 [Older] André Grilo: Ready or Not - Rethinking Cybersecurity for a Post-Quantum World

• CISA ☛ 2024-01-17 [Older] VMware Releases Security Advisory for Aria Automation

• CISA ☛ 2024-01-25 [Older] CISA Releases Two Industrial Control Systems Advisories

• CISA ☛ 2024-01-25 [Older] MachineSense FeverWarn

• CISA ☛ 2024-01-25 [Older] SystemK NVR 504/508/516

• 2024-01-25 [Older] HP Enterprise Discloses Hack by Suspected State-Backed Russian Hackers

• 2024-01-25 [Older] HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft

• CISA ☛ 2024-01-24 [Older] CISA Adds One Known Exploited Vulnerability to Catalog

• CISA ☛ 2024-01-23 [Older] CISA Adds One Known Exploited Vulnerability to Catalog

• CISA ☛ 2024-01-23 [Older] CISA Joins ACSC-led Guidance on How to Use AI Systems Securely

• CISA ☛ 2024-01-23 [Older] CISA Releases Six Industrial Control Systems Advisories

• CISA ☛ 2024-01-23 [Older] APsystems Energy Communication Unit (ECU-C) Power Control Software

• CISA ☛ 2024-01-23 [Older] Crestron AM-300

• CISA ☛ 2024-01-23 [Older] Voltronic Power ViewPower Pro

• CISA ☛ 2024-01-23 [Older] Westermo Lynx 206-F2G

• CISA ☛ 2024-01-23 [Older] Lantronix XPort

• CISA ☛ 2024-01-22 [Older] CISA Adds One Known Exploited Vulnerability to Catalog

• CISA ☛ 2024-01-19 [Older] CISA Issues Emergency Directive on Ivanti Vulnerabilities

• Krebs On Security ☛ Who is Alleged Medibank Hacker Aleksandr Ermakov?

  Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.

• 2024-01-22 [Older] darkhttpd: timing attack and local leak of HTTP basic auth credentials

• Windows TCO

  • The Register UK ☛ Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist

    Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans.

    Passport scans are routinely collected to verify identities during the course of the hiring process, which suggests Akira's affiliate likely had access to a system containing staff-related data.