This posting is here to collect cyber security news in April 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in April 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
111 Comments
Tomi Engdahl says:
Pegasus source code has been leaked and it’s by far the best rat available on the internet with more unique features
Tomi Engdahl says:
https://www.securityweek.com/cisa-warns-of-windows-print-spooler-flaw-after-microsoft-sees-russian-exploitation/
Tomi Engdahl says:
https://www.securityweek.com/cisco-raises-alarm-for-arcanedoor-zero-days-hitting-asa-firewall-platforms/
Tomi Engdahl says:
https://www.securityweek.com/microsoft-drm-hacking-could-allow-movie-downloads-from-popular-streaming-services/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16141-varo-myoes-fi-paeaetteisiae-sivustoja
Tomi Engdahl says:
Jonna sai Nordealta epäilyttävän viestin ja hälytyskellot soivat heti: ”Just sellainen, mitä pankki ei saisi lähettää”
Kaikki ei ole aina sitä, miltä näyttää. Pankin viestitkään.
https://www.is.fi/digitoday/tietoturva/art-2000010377362.html
Viestin otsikko on Asiakaskysely maksamiseen liittyvistä teemoista, ja lähettäjänä näkyy [email protected]. Sähköpostissa oleva linkki johtaa nordeabankabp.qualtrics.com-nimiselle verkkosivulle.
– Jos tämä on aito Nordealta tullut meili, niin mitä helkuttia?!?!?! Tämä on just sellainen, mitä mun mielestäni pankki EI saisi lähettää, Jonna jatkaa.
Erityisesti kummastusta herätti se, että Nordealla on käytössään verkko- ja mobiilipankin kautta toimivat turvaviestit. Eikö olisi loogista, että oikeat yhteydenotot tulisivat niiden kautta?
Viestin aidonoloisuudelle on syy. Nordean viestintä vahvistaa sen olevan aito.
– Viesti on Nordean lähettämä asiakaskysely. Kyselyssä oleva linkki ei pyydä asiakkaalta pankkisalaista tietoa eikä johda sisäänkirjautumissivulle, pankin viestinnästä kommentoidaan.
Tomi Engdahl says:
Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.
https://www.darkreading.com/ics-ot-security/siemens-working-on-fix-for-device-affected-by-palo-alto-firewall-bug
Siemens is urging organizations using its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW to implement workarounds for a maximum severity zero-day bug that PAN recently disclosed in its next-gen firewall product.
The command injection vulnerability, identified as CVE-2024-3400, affects multiple versions of PAN-OS firewalls when certain features are enabled on them. An attacker has been exploiting the flaw to deploy a novel Python backdoor on affected firewalls.
Tomi Engdahl says:
Researchers Claim that Windows Defender Can Be Bypassed
Guru baran
By
Guru Baran
April 22, 2024
Cybersecurity experts from SafeBreach have revealed a series of vulnerabilities that could allow attackers to remotely delete files on a computer using Windows Defender, potentially leading to data loss and system instability.
Tomer Bar and Shmuel Cohen, seasoned security researchers at SafeBreach, presented the findings during their talk at the Black Hat conference.
https://gbhackers.com/research-windows-defender-bypassed/#google_vignette
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/
Tomi Engdahl says:
https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html
Tomi Engdahl says:
Google’s $6 A Month Chrome Security Subscription Is A Thing Now
https://www.forbes.com/sites/daveywinder/2024/04/26/googles-6-a-month-chrome-security-subscription-is-a-thing-now/
Google’s Chrome browser is used by an estimated 65% of the world’s internet-using population, which amounts to an astonishing 3.5 billion people. However, this widespread use also makes it a prime target for criminal hackers who exploit vulnerabilities to steal data and compromise users’ security. Google regularly updates the Chrome browser with security fixes and has even formed an in-house team of expert hackers to identify critical vulnerabilities before they can be used against it. But, it seems, this isn’t enough. Recently, Google announced an advanced Chrome security program. This increased security, however, is only available to businesses that are willing to pay a $6 monthly subscription fee per user.