Security Bulletin
27 Mar 2024
Biztonsági szemle
Immediate creation of dedicated US Cyber Force pushed
Severely lacking military coordination and recruitment for U.S. cybersecurity efforts have prompted the Foundation for Defense of Democracies to urge Congress to immediately advance an independent Cyber Force that would ensure the country's cyber...
27 Mar 2024
Biztonsági szemle
ASEAN targeted by Chinese APTs
Cyberespionage operations have been conducted by a pair of Chinese advanced persistent threat groups against organizations in countries part of the Association of Southeast Asian Nations since January, The Hacker News reports.
27 Mar 2024
Biztonsági szemle
New DeNexus, Cipher collaborations aims to boost industrial cybersecurity
Major cyber risk quantification service provider DeNexus and cybersecurity firm Cipher Security have partnered to better evaluate industrial control system and operational technology cybersecurity risks faced by critical infrastructure organizations...
27 Mar 2024
Biztonsági szemle
Snapchat user traffic reportedly subjected to secret Facebook surveillance
TechCrunch reports that Facebook was revealed to have covertly conducted Snapchat network traffic interception and decryption since 2016 as part of the initiative dubbed "Project Ghostbusters" that sought to bolster user behavior analysis and better...
27 Mar 2024
Biztonsági szemle
Nearly 2K Shopify stores' data exposed by plugins
More than 1,800 stores on major e-commerce platform Shopify using Saara's EcoReturns and WyseMe plugins had 25 GB of data exposed due to the developer's misconfigured MongoDB database, according to Cybernews.
27 Mar 2024
Biztonsági szemle
Cyber incident against The Big Issue confirmed after Qilin ransomware claims
Major UK street newspaper and social enterprise The Big Issue had its systems confirmed to be impacted by a cyberattack days after the intrusion was admitted by the Qilin ransomware operation, which claimed the exfiltration of 550 GB of confidential...
27 Mar 2024
Biztonsági szemle
CVE-2024-28872: Incorrect TLS certificate validation can lead to escalated privileges
CVE: CVE-2024-28872 Title: Incorrect TLS certificate validation can lead to escalated privileges Document version: 1.0 Posting date: 27 March 2024 Program impacted: Stork Versions affected: Stork 0.15.0 -> 1.15.0 Severity: High Exploitable: Remotely...
27 Mar 2024
Biztonsági szemle
Industrial systems targeted by suspicious NuGet package
Industrial cyberespionage could potentially be facilitated by the new suspicious SqzrFramework480 NuGet package seemingly targeted to developers using tools by Chinese industrial firm Bozhon Precision Industry Technology Co., according to The Hacker...
27 Mar 2024
Biztonsági szemle
A review of zero-day in-the-wild exploits in 2023
Today, Google released its report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.”
27 Mar 2024
Biztonsági szemle
A review of zero-day in-the-wild exploits in 2023
Today, Google released its report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.”
27 Mar 2024
Biztonsági szemle
Scans for Apache OfBiz, (Wed, Mar 27th)
Today, I noticed in our "first seen URL" list, two URLs I didn't immediately recognize:
27 Mar 2024
Biztonsági szemle
Balancing agility and predictability to achieve major engineering breakthroughs
Security Cloud is the future for Cisco Security and our customers that requires the utmost in engineering agility from us