Cyber security news June 2023

This posting is here to collect cyber security news in June 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

323 Comments

  1. Tomi Engdahl says:

    Spotify Fined $5 Million for Breaching EU Data Rules

    Music streaming giant Spotify was fined 58 million kronor ($5.4 million) for not properly informing users on how data it collected on them was being used, Swedish authorities said.

    https://www.securityweek.com/spotify-fined-5-million-for-breaching-eu-data-rules/

    Reply
  2. Tomi Engdahl says:

    ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities
    https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-third-party-component-vulnerabilities/

    ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.

    Siemens and Schneider Electric on Tuesday released a total of 16 advisories addressing well over 200 vulnerabilities affecting their industrial products.

    Reply
  3. Tomi Engdahl says:

    Vulnerabilities
    Chrome 114 Update Patches Critical Vulnerability
    https://www.securityweek.com/chrome-114-update-patches-critical-vulnerability/

    Google has released a Chrome 114 security update to address five vulnerabilities, including a critical-severity bug in Autofill payments.

    Google on Tuesday announced a new Chrome 114 update that resolves five vulnerabilities, including four critical- and high-severity bugs reported by external researchers.

    The most important of these issues is CVE-2023-3214, a critical use-after-free flaw in Autofill payments. The issue was reported by Rong Jian of VRI, Google notes in its advisory.

    Use-after-free vulnerabilities are a type of memory corruption bug that occurs when a pointer is not cleared after memory allocation has been freed.

    Reply
  4. Tomi Engdahl says:

    ICS/OT
    CosmicEnergy ICS Malware Poses No Immediate Threat, but Should Not Be Ignored
    https://www.securityweek.com/cosmicenergy-ics-malware-poses-no-immediate-threat-but-should-not-be-ignored/

    The Russia-linked ICS malware named CosmicEnergy does not pose a direct threat to OT systems as it contains errors and lacks maturity.

    Reply
  5. Tomi Engdahl says:

    Application Security
    Patch Tuesday: Critical Flaws in Adobe Commerce Software
    https://www.securityweek.com/patch-tuesday-critical-flaws-in-adobe-commerce-software/

    Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks.

    Reply
  6. Tomi Engdahl says:

    Carly Page / TechCrunch:
    Russia-linked ransomware gang Clop lists its first victims targeted via Progress’ MOVEit Transfer tool since May 2023, including US banks and universities

    Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities
    Researchers say the newly discovered security flaw was probed as far back as 2021
    https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/

    Sean Lyngaas / CNN:
    CISA confirms “several” US federal government agencies “experienced intrusions” in the hack of Progress’ MOVEit Transfer tool and is providing support to them — “Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software.
    Exclusive: US government agencies hit in global cyberattack
    https://edition.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/

    Reply
  7. Tomi Engdahl says:

    Jules Roscoe / VICE:
    Invidious, an open-source “alternative front-end” for YouTube that removes tracking and ads, says YouTube sent a cease-and-desist letter over API violations — Invidious lets users browse YouTube without being tracked. Its developers say they won’t make changes until they have to.

    YouTube Tells Open-Source Privacy Software ‘Invidious’ to Shut Down
    Invidious lets users browse YouTube without being tracked. Its developers say they won’t make changes until they have to.
    https://www.vice.com/en/article/88xxex/youtube-tells-open-source-privacy-software-invidious-to-shut-down

    Reply
  8. Tomi Engdahl says:

    Mandiant:
    A look at Barracuda’s Email Security Gateway zero-day exploited by a China-linked actor since at least October 2022 to spy on companies and governments globally — On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway …

    Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
    https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally

    Reply
  9. Tomi Engdahl says:

    Nick Perry / Associated Press:
    New Zealand sentences two men who ran the once wildly popular pirating website Megaupload to over two years in prison, ending an 11-year US extradition battle
    https://apnews.com/article/new-zealand-megaupload-pirating-website-sentence-a858f2a77b4eebf912711e818d6400f5

    Reply
  10. Tomi Engdahl says:

    Coincidence? New ransomware strikes Russian speakers https://www.is.fi/digitoday/tietoturva/art-2000009657704.html

    Players of the game Enlisted are being targeted by ransomware. Those other than Russians should be careful too.
    The Russian shooter game Enlisted has been harnessed as a weapon for cyberattacks. According to security company Cyble, Russian-speaking players are being lured to websites that closely resemble the genuine game's site and offer the game for download.

    When the malicious version of the game is downloaded, the computer is infected with ransomware that takes the victim's data hostage. It pretends to be the notorious WannaCry ransomware, but is in fact anything but. It can still cause damage.

    Threat Actor Targets Russian Gaming Community With WannaCry-Imitator
    https://blog.cyble.com/2023/06/13/threat-actor-targets-russian-gaming-community-with-wannacry-imitator/

    Phishing Gaming Site Opens the Door to Ransomware Infection
    Gaming has gained immense popularity, attracting millions of players globally, primarily due to the wide range of game options available, strong community engagement, and its entertainment value. Unfortunately, this widespread appeal has also attracted the attention of Threat Actors (TAs), who seek to exploit gamers by targeting games with large user bases to maximize their potential victims. While searching for free or pirated games, some gamers disregard security measures and unknowingly download malicious software onto their systems.

    Reply
  11. Tomi Engdahl says:

    Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default
    https://www.bleepingcomputer.com/news/security/microsoft-windows-kernel-cve-2023-32019-fix-is-disabled-by-default/

    Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.

    While it has a medium severity range CVSS base score of 4.7/10, Redmond has tagged this security flaw (CVE-2023-32019) as important severity.

    Reply
  12. Tomi Engdahl says:

    Microsoft: Windows 10 21H2 has reached end of servicing
    https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-21h2-has-reached-end-of-servicing/

    Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this month’s Patch Tuesday, as Microsoft reminded customers today.

    Since Windows 10 21H2 (also known as the Windows 10 November 2021 Update) will no longer receive security updates, customers are advised to upgrade to the latest release as soon as possible to avoid exposing their systems to attacks exploiting unpatched security vulnerabilities.

    “Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 or upgrade to Windows 11 to remain supported,” Microsoft said in an initial announcement on March 14.

    Reply
  13. Tomi Engdahl says:

    Microsoft stole our stolen dark web data, says security outfit
    Suit claims Redmond took far more than allowed from Hold’s 360M-credential database
    https://www.theregister.com/2023/06/12/microsoft_hold_security_lawsuit/

    Reply
  14. Tomi Engdahl says:

    RDP honeypot targeted 3.5 million times in brute-force attacks
    https://www.bleepingcomputer.com/news/security/rdp-honeypot-targeted-35-million-times-in-brute-force-attacks/

    Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses.

    During this phase, the attacks are automated. But once they get the right access credentials, the hackers start searching for important or sensitive files manually.

    Reply
  15. Tomi Engdahl says:

    Hacker groups reportedly team up to destroy European Banks in ‘world’s biggest cyber attack’
    https://www.dexerto.com/tech/hacker-groups-reportedly-team-up-to-destroy-european-banks-in-worlds-biggest-cyber-attack-2178927/?fbclid=IwAR0iwZPH0g_7anCPPq0IzKzLOOi35rhKwPeExMq1X5wv7bK8jAgJ11ZYfME

    Three pro-Russian hacker groups have allegedly joined forces to target European banks with a massive cyber attack.

    KillNet, Anonymous Sudan and REvil reportedly uploaded a video announcing their threat to take down the entire European banking system.

    According to reports, KillNet’s leader says preparations are already underway and the attack will begin very soon.

    Cyberknow, a threat-tracking page, also posted about the alleged upcoming attacks, adding that hackers from the three groups had joined together for this campaign. They believe their first will be to paralyze the SWIFT payment system, which is commonly used for international payments.

    KillNet warned: “This is not a DDoS attack, the games are over. We call on all active groups to engage in destructive activity against the European banking system. No money, no weapons, no Kiev regime. This is the formula for the death of Nazism and it will work.”

    They went on to add that society has “not seen such problems before.”

    Additionally, Anonymous Sudan claimed the attack would be the “most powerful in the recent history of the world,” further warning that this would be something severe.

    “When we strike, it will be too late to make amends.”

    On June 15, CNN reported that US government agencies had been hit in a global cyberattack. It is not confirmed if this attack was linked to Russia-based hacking groups.

    So far, it’s unclear if these are just empty threats, a prank or if a massive attack is actually planned. In any case, this whole fiasco could very well turn into a real-life Mr Robot situation if things go according to plan.

    Reply
  16. Tomi Engdahl says:

    Frank Bajak / Associated Press:
    Microsoft says DDoS attacks by hacktivist group Anonymous Sudan “temporarily impacted availability” of some of its services, including Azure, in early June 2023 — In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite …

    Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks
    https://apnews.com/article/microsoft-outage-ddos-attack-hackers-outlook-onedrive-7a23f92ab3cc2b7f0c590c7d08cf03fe

    In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.

    Initially reticent to name the cause, Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame.

    But the software giant has offered few details — and did not immediately comment on how many customers were affected and whether the impact was global. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian.

    Reply
  17. Tomi Engdahl says:

    The Reddit Blackout Is Breaking Reddit
    When the user revolt ends—if it ever does—Reddit’s community won’t ever be the same.
    https://www.wired.com/story/the-reddit-blackout-is-breaking-reddit/

    It’s pretty easy to piss people off on Reddit. Less so to piss off seemingly everyone on the platform.

    Still, Reddit’s management has succeeded in doing just that as it weathers protests over its decision to charge for access to its API. That ruling risks putting the company in a death spiral as users revolt, the most dedicated community caretakers quit, and the vibrant discussions move to other platforms.

    The company’s changes to its data access policies effectively price out third-party developers who make mobile applications for browsing Reddit; two of the most popular options, Reddit Is Fun and Apollo, which together have over 41 million downloads, are both shutting down. After some initial backlash from users and disability advocates who said Reddit’s changes would adversely affect accessibility-focused apps aimed at people with dyslexia or vision impairments, Reddit said it would exempt those apps from the price hikes. Those apps also have far smaller user bases than Apollo or RIF.

    “You can’t inflate the balloon forever. It will pop at some point.”

    Reply
  18. Tomi Engdahl says:

    Sean Lyngaas / CNN:
    Oregon and Louisiana warn that the MOVEit hackers may have stolen the SSNs and driver’s license numbers of 3.5M Oregonians and 3M+ Louisianians from state DMVs

    Millions of Americans’ personal data exposed in global hack
    https://edition.cnn.com/2023/06/16/politics/cyberattack-us-government/

    Millions of people in Louisiana and Oregon have had their data compromised in the sprawling cyberattack that has also hit the US federal government, state agencies said late Thursday.

    The breach has affected 3.5 million Oregonians with driver’s licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. Casey Tingle, a senior official in the Louisiana governor’s office, said Friday that more than 6 million records were compromised while noting that that number is duplicative because some people have both vehicle registrations and a driver’s license.

    The states did not blame anyone in particular for the hack, but federal officials have attributed a broader hacking campaign using the same vulnerability to a Russian ransomware gang.

    The hackers exploited a flaw in a popular file-transfer software known as MOVEit made by Massachusetts-based Progress Software.

    Hundreds of organizations across the globe have likely had their data exposed after the hackers used the flaw to break into networks in recent weeks. Multiple US federal agencies, including the Department of Energy, were breached, CNN first reported on Thursday. The US Office of Personnel Management was also impacted by the sweeping hack, multiple sources told CNN Friday, but none of the breaches of federal agencies so far have been deemed serious.

    US officials have described the cyberattack as an opportunistic, financially motivated hack that has not caused disruptions to agency services.

    Reply
  19. Tomi Engdahl says:

    Police cracks down on DDoS-for-hire service active since 2013 https://www.bleepingcomputer.com/news/security/police-cracks-down-on-ddos-for-hire-service-active-since-2013/

    Polish police officers of the country’s Central Bureau for Combating Cybercrime detained two suspects believed to have been involved in operating a DDoS-for-hire service (aka booter or stresser) active since at least 2013.

    Reply
  20. Tomi Engdahl says:

    LockBit suspect’s arrest sheds more light on ‘trustworthy’ gang https://www.theregister.com/2023/06/16/lockbit_suspect_arrest/

    FBI agents have arrested a Russian man suspected of being part of the Lockbit ransomware gang. An unsealed complaint alleges the 20-year-old was an Apple fanboy, an online gambler, and scored 80 percent of at least one ransom payment given to the criminals.

    Reply
  21. Tomi Engdahl says:

    Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks https://apnews.com/article/microsoft-outage-ddos-attack-hackers-outlook-onedrive-7a23f92ab3cc2b7f0c590c7d08cf03fe

    In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps [...] Microsoft has now disclosed that DDoS attacks by the murky upstart were indeed to blame. A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks.

    https://msrc.microsoft.com/blog/2023/06/microsoft-response-to-layer-7-distributed-denial-of-service-ddos-attacks/
    https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-azure-outlook-outages-caused-by-ddos-attacks/

    Reply
  22. Tomi Engdahl says:

    BlackCat ransomware gang behind Reddit breach from February, threaten to leak stolen data https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/

    The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.

    On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack. This phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

    Reply
  23. Tomi Engdahl says:

    From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
    https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html

    Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks.

    Reply
  24. Tomi Engdahl says:

    New Mystic Stealer malware increasingly used in attacks https://www.bleepingcomputer.com/news/security/new-mystic-stealer-malware-increasingly-used-in-attacks/

    Two individual reports on Mystic Stealer, published almost simultaneously by Zscaler and Cyfirma, warn about the emergence of the new malware, its sophistication, and what appears to be a surge in sales that brings many new campaigns online.

    Reply
  25. Tomi Engdahl says:

    Yet another update causing numerous problems for Windows 10: hopefully you are not in a hurry to get anywhere https://www.tivi.fi/uutiset/tv/2d8ff103-5d81-4483-942e-11ba5f09f3da

    Microsoft has released the June cumulative security and bug-fix update for Windows 10 users. The update is identified as KB5027215.

    Soon after its release, however, problems began, the most annoying of which is probably the installation getting stuck partway through. In addition, according to the Windows Latest site, users have reported a problem where installing the update can take as long as half an hour.

    Reply
  26. Tomi Engdahl says:

    Western Digital boots outdated NAS devices off of My Cloud https://www.bleepingcomputer.com/news/security/western-digital-boots-outdated-nas-devices-off-of-my-cloud/

    Western Digital is warning owners of My Cloud series devices that they can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202.

    Reply
  27. Tomi Engdahl says:

    Third MOVEit bug fixed a day after PoC exploit made public https://www.theregister.com/2023/06/16/third_moveit_bug_fixed/

    Progress Software on Friday issued a fix for a third critical bug in its MOVEit file transfer suite, a vulnerability that had just been disclosed the day earlier.

    Details of the latest vulnerability, tracked as CVE-2023-35708, were made public Thursday; proof-of-concept (PoC) exploit for the flaw, now fixed today, also emerged on Thursday.

    Reply
  28. Tomi Engdahl says:

    Another RAT Delivered Through VBS
    https://isc.sans.edu/diary/rss/29956

    An analysis of a recently distributed VBS script.

    Reply
  29. Tomi Engdahl says:

    US govt offers $10 million bounty for info on Clop ransomware https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/

    The U.S. State Department’s Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government.

    Reply
  30. Tomi Engdahl says:

    Barracuda Zero-Day Attacks Attributed to Chinese Cyberespionage Group
    https://www.securityweek.com/barracuda-zero-day-attacks-attributed-to-chinese-cyberespionage-group/

    Attacks exploiting the Barracuda zero-day CVE-2023-2868 have been linked to a Chinese cyberespionage group that has targeted government and other organizations.

    Reply
  31. Tomi Engdahl says:

    Frank Bajak / Associated Press:
    Microsoft says hacktivist group Anonymous Sudan’s DDoS attacks “temporarily impacted availability” of Azure, Teams, Outlook, and more services in early June 2023 — In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite …

    https://apnews.com/article/microsoft-outage-ddos-attack-hackers-outlook-onedrive-7a23f92ab3cc2b7f0c590c7d08cf03fe

    Reply
  32. Tomi Engdahl says:

    Microsoft resolves ‘dangerous’ new Azure vulnerabilities https://therecord.media/microsoft-azure-bastion-container-registry-vulnerabilities-resolved

    Researchers with Orca Security said they discovered two “dangerous” vulnerabilities with Azure Bastion and Azure Container Registry that could allow attackers to achieve cross-site scripting (XSS) – a process involving hackers injecting malicious scripts into trusted websites. These kinds of vulnerabilities can lead to unauthorized access, data theft, and even the complete compromise of the affected system.

    Reply
  33. Tomi Engdahl says:

    Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems https://thehackernews.com/2023/06/researchers-discover-new-sophisticated.html

    Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems.

    Bitdefender’s analysis is based on an examination of four samples that were uploaded to VirusTotal by an unnamed victim. The earliest sample dates back to April 18, 2023. Two of the three malicious programs are said to be generic Python-based backdoors that are designed to target Windows, Linux, and macOS systems. The payloads have been collectively dubbed JokerSpy.

    Reply
  34. Tomi Engdahl says:

    Tim Copeland / The Block:
    How kids are using hacked Discord servers or Twitter accounts and “NFT drainers” for phishing attacks to steal millions of dollars’ worth of NFTs and tokens — NFT drainers like Inferno and Venom are commonly used to carry out phishing attacks involving compromised Discord servers and Twitter accounts.

    Phishing frenzy: School kids are stealing millions of dollars of NFTs — to buy Roblox skins
    https://www.theblock.co/post/235022/phishing-frenzy-school-kids-are-stealing-millions-of-dollars-of-nfts-to-buy-roblox-skins

    Reply
  35. Tomi Engdahl says:

    Cybercrime
    Ransomware Gang Takes Credit for February Reddit Hack
    https://www.securityweek.com/ransomware-gang-takes-credit-for-february-reddit-hack/

    The Alphv/BlackCat ransomware gang has taken responsibility for the February cyberattack that hit social media site Reddit.

    Reply
  36. Tomi Engdahl says:

    Akeyless Launches SaaS-based External Secrets Manager
    https://www.securityweek.com/akeyless-launches-saas-based-external-secrets-manager/

    New SaaS-based secrets manager from Akeyless requires no new infrastructure, and no specialist staff nor secrets management team.

    Reply
  37. Tomi Engdahl says:

    Western Digital Blocks Unpatched Devices From Cloud Services
    https://www.securityweek.com/western-digital-blocks-unpatched-devices-from-cloud-services/

    Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability.

    Reply
  38. Tomi Engdahl says:

    A Russian Ransomware Gang Breaches the Energy Department and Other Federal Agencies
    https://www.securityweek.com/a-russian-ransomware-gang-breaches-the-energy-department-and-other-federal-agencies/

    The cybersecurity firm SecurityScorecard says it detected 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies.

    The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.

    But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.

    Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.

    Reply
  39. Tomi Engdahl says:

    Cybercrime
    New Information Stealer ‘Mystic Stealer’ Rising to Fame
    https://www.securityweek.com/new-information-stealer-mystic-stealer-rising-to-fame/

    A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums.

    Reply
  40. Tomi Engdahl says:

    Asus Patches Highly Critical WiFi Router Flaws
    https://www.securityweek.com/asus-patches-highly-critical-wifi-router-flaws/

    Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.

    Taiwanese computer hardware manufacturer Asus on Monday shipped urgent firmware updates to address vulnerabilities in its WiFi router product lines and warned users of the risk of remote code execution attacks.

    In an advisory, Asus documented at least nine security defects and multiple security weaknesses that allow code execution, denial-of-service, information disclosure and authentication bypasses.

    The most serious of the nine vulnerabilities, a highly critical bug with a CVSS severity rating of 9.8/10, dates back to 2018 and exposes routers to code execution attacks.

    The vulnerability, tagged as CVE-2018-1160, is a memory corruption issue in Netatalk before 3.1.12. “This is due to lack of bounds checking on attacker-controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution,” according to the advisory.

    Reply
  41. Tomi Engdahl says:

    MOVEit Customers Urged to Patch Third Critical Vulnerability
    https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/

    A critical vulnerability (CVE-2023-35708) in MOVEit software could allow unauthenticated attackers to access database content.

    Reply
  42. Tomi Engdahl says:

    Police warn of a nasty scam in the name of Suomi.fi
    Police report that phishing messages have been sent in the name of the Suomi.fi service.
    https://www.iltalehti.fi/kotimaa/a/c8acb58d-1b32-4db8-9ec7-7f7c1c65e591

    Police warn against opening links contained in emails or text messages. Recently a scam has been circulating in which people have been approached by email in the name of the Suomi.fi service and asked to log in on the page that the link in the email leads to.

    The message contains the recipient's personal information and talks about housing allowance.

    According to police, the link leads to a phishing site. Phishing messages have been sent at least to victims of the Vastaamo data breach. Police urge people to contact their bank immediately if unknown payments appear on their bank account.

    Reply
  43. Tomi Engdahl says:

    Victims of the Vastaamo data breach targeted by a scam attempt: an email offers a “housing allowance” of just over 230 euros
    https://yle.fi/a/74-20037736

    Victims of the Vastaamo data breach have been sent an email informing them of a “housing allowance” of just over 230 euros. The link, which leads to a scam site set up in the name of the Suomi.fi site, should not be opened.

    Reply
