Security Bulletin
9 Dec 2023
Biztonsági szemle
Microsoft DHCP could be leveraged for Active Directory DNS spoofing
SiliconAngle reports that threat actors could exploit Microsoft's Dynamic Host Configuration Protocol DNS Dynamic Updates functionality to facilitate the spoofing of Active Directory DNS records without additional user authentication.
9 Dec 2023
Biztonsági szemle
Current, upcoming CPUs face SLAM side-channel attack threat
Modern CPUs, including current AMD processors, as well as upcoming offerings from Arm, AMD, and Intel with support for the Top Byte Ignore, Upper Access Ignore, and Linear Address Masking hardware-based security features are at risk of a new side...
9 Dec 2023
Biztonsági szemle
Federal incident response requirement adherence still lagging
SecurityWeek reports that while all 23 U.S. federal agencies have worked to integrate the Cybersecurity and Infrastructure Security Agency's vulnerability and incident response playbook into their incident response plans, as well as commenced...
9 Dec 2023
Biztonsági szemle
Lazarus sub-group targets South Korean defense firms
Defense industry organizations in South Korea had data concerning anti-aircraft weapon systems exfiltrated by North Korean state-sponsored threat operation Andariel, a sub-cluster of Lazarus Group, reports The Record, a news site by cybersecurity...
9 Dec 2023
Biztonsági szemle
Thai telecoms' Linux systems subjected to Krasue RAT compromise
BleepingComputer reports that telecommunications firms in Thailand had their Linux systems stealthily compromised with the Krasue remote access trojan, which sought persistent host access, since 2021.
9 Dec 2023
Biztonsági szemle
Extensive APT28 attack campaign with Outlook zero-day detailed
At least 30 organizations across 14 countries, most of which are part of NATO, and a NATO Rapid Deployable Corps have been targeted by Russian state-sponsored threat operation APT28, also known as Fancy Bear, Fighting Ursa, and Sofacy, in attacks...
8 Dec 2023
Biztonsági szemle
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches
Data breaches are rapidly accelerating, according to a number-crunching report from Apple this week — heightening the need to finally implement end-to-end data encryption.
8 Dec 2023
Biztonsági szemle
Making Cyber Insurance Available for Small Biz, Contractors
Cyber insurance companies are moving down-market to offer policies to help protect remote employees, independent contractors, and small businesses from the cost of cyberattacks.
8 Dec 2023
Biztonsági szemle
Increased Cyber Regulation in the Offing as Attacks Mount
Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details.
8 Dec 2023
Biztonsági szemle
Trojan-proxy based on macOS piggybacks on cracked software
Security researchers say the emergence of the macOS trojan-proxy shows that all operating systems are under attack as hackers don't discriminate.
8 Dec 2023
Biztonsági szemle
Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug
State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.
8 Dec 2023
Biztonsági szemle
AI drives holiday phishing scams, as well as email defenses
Generative artificial intelligence tools intensify the phishing arms race this holiday season between hackers and inbox defenders.