Newsletter Announcement

Vulnerable IP Cameras, BITSLOTH, and a Discord DDoS Campaign

Security Digest for 6 August 2024: Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 [https://forms.gle/w2RB5DRzbbvu3ziS7] Notable News: Over 20,000 Ubiquiti Cameras and Routers are Vulnerable to Amplification Attacks and Privacy Risks - Check Point Blog [https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/] BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs [https://www.elastic.co/security-labs/bits-and-bytes-analyzing-bitsloth] Panamorfi: A New Discord DDoS Campaign (aquasec.com) [https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/] 4.6 Million Voter and Election Documents Exposed Online by Technology Contractor (vpnmentor.com) [https://www.vpnmentor.com/news/report-election-records-breach/] StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | Volexity [https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/] Israeli hacker group takes responsibility for collapse of Wi-Fi in Ira - The Jerusalem Post (jpost.com) [https://www.jpost.com/breaking-news/article-813000] TgRAT malware returns with a Linux variant (broadcom.com) [https://www.broadcom.com/support/security-center/protection-bulletin/tgrat-malware-returns-with-a-linux-variant] Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com) [https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/] Fighting Ursa Luring Targets With Car for Sale (paloaltonetworks.com) [https://unit42.paloaltonetworks.com/fighting-ursa-car-for-sale-phishing-lure/] Keytronic reports losses of over $17 million after ransomware attack (bleepingcomputer.com) [https://www.bleepingcomputer.com/news/security/keytronic-reports-losses-of-over-17-million-after-ransomware-attack/] Justice Department sues TikTok for alleged violations of children’s privacy (therecord.media) [https://therecord.media/justice-department-sues-tiktok-ftc-privacy] Prevalent Patches: Critical Bitdefender Patch for GravityZone Update Server: CVE-2024-6980 Could Lead to SSRF Attacks - SOCRadar® Cyber Intelligence Inc. [https://socradar.io/critical-bitdefender-patch-for-gravityzone-update-server-cve-2024-6980-could-lead-to-ssrf-attacks/] SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability | SonicWall [https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/] CISA Corner: CISA Adds One Known Exploited Vulnerability to Catalog | CISA [https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog] NVD - CVE-2018-0824 (nist.gov) [https://nvd.nist.gov/vuln/detail/CVE-2018-0824]

6 de ago de 202430 min

Newsletter Announcement

Descripción

Comentarios

Empieza 7 días de prueba

Todos los episodios