Cyber Security Informer

Weekly Update 87

Troy Hunt

MAY 17, 2018

The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again. This week, we talk a lot about EV certs.

Update Chrome now! Google patches possible drive-by vulnerability

Malwarebytes

MARCH 28, 2024

Google has released an update to Chrome which includes seven security fixes. 87 of Chrome for Windows and Mac and 123.0.6312.86 The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. Version 123.0.6312.86/.87

Risk

Risk Cybersecurity

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Security Affairs

MARCH 27, 2024

Reported by wgslfuzz on 2024-03-11 “The Stable channel has been updated to 123.0.6312.86/.87 87 for Windows and Mac and 123.0.6312.86 Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. to Linux which will roll out over the coming days/weeks.

Hacking

Hacking Mobile Information Security

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

Findings released this week by ReversingLabs show 87 percent of security and technology professionals view software tampering as a new breach vector of concern, yet only 37 percent say they have a way to detect it across their software supply chain. For a full drill down on our discussion please give the accompanying podcast a listen.

Software

Software Internet Internet System Administration

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Firmware

Firmware Passwords Authentication Wireless

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

Government

Government Banking Advertising Malware

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

Users are urged to update to HPE EIM v1.22 All an attacker has to do next is login to the web application with the updated admin password “by sending a request to URL /redfish/v1/SessionService/Sessions,” Tenable explained. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Authentication

Authentication Passwords Accountability System Administration

The four cybersecurity trends to watch in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

A recent McKinsey survey found that 87 percent of employees who have the chance to work remotely take it, and they spend an average of three days per week working outside the office. Unlike an employee’s laptop or smartphone, many of these devices don’t have built-in security updates, which means sharing a network with them is risky.

Cybersecurity

Cybersecurity VPN Digital transformation Education

Generative AI Changes Everything You Know About Email Cyber Attacks

CyberSecurity Insiders

APRIL 4, 2023

The latest iteration of this is the collapse of Silicon Valley Bank (SVB) and the resulting banking crisis, which has presented an opportunity for attackers to spoof highly sensitive communication, for example seeking to intercept legitimate communication instructing recipients to update bank details for payroll.

Cyber Attacks

Cyber Attacks Social Engineering Scams Phishing

Spotlight: as Attacks Mount, how to secure the Industrial Internet

The Security Ledger

DECEMBER 19, 2018

You should also listen to: Podcast Episode 87: Vulnerability Reports Down the Memory Hole in China and the Groups Hacking ICS. How do industrial networks and endpoints get targeted by malicious actors and why are they so vulnerable to software based attacks? It’s going to continue to happen.

Internet

Internet Internet IoT Cyber Risk

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Troy Hunt

JULY 19, 2018

Admittedly, I'm taking advantage of the free grants that everyone using Functions gets each month (400,000GB/s and 1M executions) but even at 10 times those volumes, I'd still only be looking at $87 to run 40 million queries. for you guys to do 54M searches against a repository of half a billion passwords ??

DNS

DNS Passwords Firewall Authentication

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The NullMixer operations we dissected (ATK-16) count victims in at least 87 countries. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, NullMixer malware) The post Updates from the MaaS: new threats delivered through NullMixer appeared first on Security Affairs.

Malware

Malware Social Engineering Encryption Marketing

Cyber Security Informer

Weekly Update 87

Update Chrome now! Google patches possible drive-by vulnerability

Webinars

Trending Sources

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Webinars

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

CISA alert warns of Emotet attacks on US govt entities

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

The four cybersecurity trends to watch in 2023

Generative AI Changes Everything You Know About Email Cyber Attacks

Spotlight: as Attacks Mount, how to secure the Industrial Internet

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Updates from the MaaS: new threats delivered through NullMixer

Stay Connected