Security Leftovers

posted by Roy Schestowitz on Jul 07, 2024

• Cyble Inc ☛ Critical Ghostscript Vulnerabilities Addressed with Latest Ubuntu Security Updates

  Canonical has recently issued a series of crucial Ubuntu security updates aimed at addressing multiple vulnerabilities in Ghostscript, a widely utilized tool for interpreting PostScript and PDF files. These vulnerabilities, discovered by various security researchers, posed significant risks such as bypassing security restrictions and executing malicious code on affected systems.

• CISA ☛ 2024-07-02 [Older] CISA Adds One Known Exploited Vulnerability to Catalog

• CISA ☛ 2024-07-02 [Older] CISA Releases Seven Industrial Control Systems Advisories

• CISA ☛ 2024-07-02 [Older] Johnson Controls Kantech Door Controllers

• CISA ☛ 2024-07-02 [Older] mySCADA myPRO

• CISA ☛ 2024-07-02 [Older] ICONICS and Mitsubishi Electric Products

• CISA ☛ 2024-06-28 [Older] Progress Software Releases Security Bulletin for MOVEit Transfer

• 2024-06-27 [Older] ISTIO-SECURITY-2024-005

• Modern Diplomacy ☛ 2024-07-02 [Older] Indonesia’s Weak Cybersecurity Governance

• CISA ☛ 2024-07-02 [Older] Juniper Networks Releases Security Bulletin for Junos OS: SRX Series

• US News And World Report ☛ 2024-07-04 [Older] Cybersecurity Breach Could Delay Court Proceedings Across New Mexico, Public Defenders Office Says

• Copenhagen Post ☛ 2024-07-04 [Older] DTU cuts collaborations with Chinese and Iranian universities over security concerns

• Cyble Inc ☛ Exploiting CVE-2024-23692 With HFS Server Vulnerabilities

  HTTP File Server (HFS) is a lightweight web server software widely used for file sharing. Its simplicity in setup and operation makes it popular, allowing users to share files over the internet with ease.

• Integrity/Availability/Authenticity

  • Science Alert ☛ Giant Cybersecurity Threat Discovered Lurking in Plain Sight

    For example, a programmer making a link to theconversation.com might accidentally link to tehconversation.com – note the misspelling. If the mistyped domain has never been purchased, someone could come along and buy that phantom domain for around A$10, hijacking the inbound traffic. In these cases, the price of programmers' mistakes is paid by the users.

    These programmer linking errors don't just risk directing users to phishing or spoofing sites. Hijacked traffic can be directed towards a range of traps, including malicious scripts, misinformation, offensive content, viruses and any other hacks the future will bring.

• Windows TCO

  • RTL ☛ New tactics: Cybercrime groups restructuring after major takedowns: experts

    LockBit was one of the major developers of malicious software that allows criminals to lock victims out of their networks, steal their data and demand a ransom for its return.

    Ransomware attacks using LockBit and other software have led to major disruption of governments, businesses and public services like hospitals.

  • The Register UK ☛ The untold impact of Qilin's attack on London hospitals

    How the ordeal actually unraveled, however, was an entirely different story. Hanna was given less than 24 hours by doctors to make the daunting decision to either accept a simple mastectomy or delay a life-changing procedure until Synnovis's systems were back online.

  • Cyble Inc ☛ Threat Actors Exploit Microsoft SmartScreen Vulnerability: Cyble Researchers

    The multi-stage attack that follows utilizes legitimate tools such as forfiles.exe, PowerShell, mshta, and other trusted files to circumvent security measures, and then DLL sideloading and IDATLoader inject the final payload into explorer.exe.

    The campaign delivers Lumma and Meduza Stealer as its final payloads.

  • [Repeat] Silicon Angle ☛ Patelco Credit Union targeted in ransomware attack, disrupting customer access

    California-based Patelco Credit Union, one of the largest credit unions in the U.S., has suffered from a ransomware attack that has prevented some customers from accessing their funds.