Security Leftovers and Windows TCO
-
Security Week ☛ Hackers Target Cisco Smart Licensing Utility Vulnerabilities
SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440.
-
Security Week ☛ Veeam Patches Critical Vulnerability in Backup & Replication
Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication.
-
Security Week ☛ CISA Warns of Exploited Nakivo Vulnerability
CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list.
-
Security Week ☛ 300 Malicious ‘Vapor’ Apps Hosted on Surveillance Giant Google Play Had 60 Million Downloads
Over 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Surveillance Giant Google Play.
-
Krebs On Security ☛ Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.
-
Security Week ☛ Paragon Spyware Attacks Exploited WhatsApp Zero-Day
Attacks involving Paragon’s Graphite spyware involved a WhatsApp zero-day that could be exploited without any user interaction.
-
Security Week ☛ 500,000 Impacted by Pennsylvania Teachers Union Data Breach
Pennsylvania State Education Association says the personal information of over 500,000 individuals was stolen in a data breach.
-
Windows TCO / Windows Bot Nets
-
Cyble Inc ☛ CERT-UA Warns Of DarkCrystal RAT Cyberattacks On Ukraine
DarkCrystal RAT (DCRAT) is a powerful remote access tool that allows cybercriminals to control infected systems from a distance. Once installed, it grants the attackers complete control over the victim’s device, enabling them to exfiltrate sensitive information, manipulate data, and even deploy additional malicious payloads. The use of DarkTortilla as a loader is particularly concerning as it hides the malicious intent behind a seemingly innocuous file, making it more difficult for users to detect.
-
Security Week ☛ Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover
The Hellcat ransomware group this week claimed responsibility for cyberattacks on Swiss telecommunications provider Ascom and British multinational car manufacturer Jaguar Land Rover (JLR).
-
Entrapment (Microsoft GitHub)
-
Cyble Inc ☛ CVE-2025-30066: Patch Your GitHub Workflows ASAP
tj-actions/changed-files is a popular GitHub Action that helps users track file modifications in pull requests and commits. It identifies changed files relative to a target branch, multiple branches, or specific commits, making it an essential tool for developers automating CI/CD workflows.
-
Security Week ☛ Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
The attack came to light late last week, when it was discovered that the code of a GitHub action named ‘tj-actions/changed-files’, which is actively used by over 23,000 repositories for tracking file and directory changes, had been modified to execute a malicious script designed to dump CI/CD secrets to build logs.