Timeframe: Donnerstag 02-11-2023 18:00 - Freitag 03-11-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
New macOS KandyKorn malware targets cryptocurrency engineers
A new macOS malware dubbed KandyKorn has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments.
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
Prioritising Vulnerabilities Remedial Actions at Scale with EPSS
In this article, I-m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.
Einstufung von Sicherheitslücken: Der CVSS-4.0-Standard ist da
Von niedrig bis kritisch: Das Common Vulnerability Scoring System (CVSS) hat einen Versionssprung vollzogen.
Apples "Wo ist": Keylogger-Tastatur nutzt Ortungsnetz zum Passwortversand
Eigentlich soll es helfen, verlorene Dinge aufzuspüren. Unsere Keylogger-Tastatur nutzt Apples "Wo ist"-Ortungsnetz jedoch zum Ausschleusen von Daten.
Lücke in VMware ONE UEM ermöglicht Login-Klau
Durch eine unsichere Weiterleitung können Angreifer SAML-Tokens angemeldeter Nutzer klauen und deren Zugänge übernehmen. VMware stellt Updates bereit.
Should you allow your browser to remember your passwords?
It-s very convenient to store your passwords in your browser. But is it a good idea?
You-d be surprised to know what devices are still using Windows CE
Windows CE - an operating system that, despite being out for 27 years, never had an official explanation for why it was called -CE- - finally reached its official end-of-life period this week. This was Microsoft-s first operating system for embedded and pocket devices, making an appearance on personal pocket assistants, some of the first BlackBerry-likes, laptops and more during its lifetime.
QNAP Security Advisories 2023-11-04
QNAP released 4 new security advisories (2x Critical, 2x Medium). Music Station, QTS, QuTS hero, QuTScloud, Multimedia Console and Media Streaming add-on.
Security updates for Friday
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
Vulnerability in IBM SDK, Java Technology Edition may affect IBM Operations Analytics Predictive Insights
Multiple security vulnerabilities in Go may affect IBM Robotic Process Automation for Cloud Pak