Security Leftovers
SANS ☛ Honeypots: From the Skeptical Beginner to the Tactical Enthusiast, (Sun, Dec 10th)
IT Jungle ☛ ACS, Merlin Hit With Serious Security Vulnerabilities
Three serious security vulnerabilities in IBM i Access Client Solutions and six in Merlin were disclosed and patched by IBM last week. The flaws could allow attackers to commit a range of crimes, from executing arbitrary code and denial-of-service attacks, to obtaining sensitive data on IBM i and conducting phishing attacks. All of the flaws – including another three reported by IBM in November – should be patched immediately.
Help Net Security ☛ Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned.
CBC ☛ 2023-12-06 [Older] 'It scared the hell out of me,' says lead plaintiff in proposed class-action suit over data breach at 23andMe
Help Net Security ☛ New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164).
Help Net Security ☛ Booking.com customers targeted in hotel booking scam
Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information.
“Customers of multiple properties received email or in-app messages from Booking.com that purported to be from hotel owners requesting confirmation of payment details for upcoming stays,” Secureworks researchers warn.
The Straits Times ☛ China issues arrest warrants, offers rewards for 10 leaders of telecoms fraud gangs in Myanmar
People who can provide information and assist in the suspects’ arrest will be rewarded.