Börzel IT
Updates
- Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws
- Microsoft Office update breaks actively exploited RCE attack chain
- Microsoft Exchange updates pulled after breaking non-English installs
- SAP Patches Critical Vulnerability in PowerDesigner Product
- Adobe releases patches for dozens of vulnerabilities affecting suite of programs
- 40 Vulnerabilities Patched in Android With August 2023 Security Updates
- Google to fight hackers with weekly Chrome security updates
Threats
- Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
- Understanding Active Directory Attack Paths to Improve Security
- Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
- Zoom's Updated Terms of Service Permit Training AI on User Content Without Opt-Out
- Dell Compellent hardcoded key exposes VMware vCenter admin creds
- Attacker combines phone, email lures into believable, complex attack chain
- Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
- Hackers increasingly abuse Cloudflare Tunnels for stealthy connections
- Vulnerabilities in CODESYS V3 SDK could lead to OT environments being exploited using RCE, DoS attacks
- Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
- LOLBAS in the Wild: 11 Living-Off-The-Land Binaries That Could Be Used for Malicious Purposes
- Microsoft Visual Studio Code flaw lets extensions steal passwords
- EvilProxy phishing campaign targets 120,000 Microsoft 365 users
- Phishing über Amazon Web Services
- Popular open source project Moq criticized for quietly collecting data
Incidents
- Datenleck bei Rosenbauer: Hacker konnten Standortdaten von Feuerwehrautos einsehen
- North Korean hackers 'ScarCruft' breached Russian missile maker
Cyber Crime
- German military procurement officer arrested on suspicion of spying for Russia
- Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
- Charming Kitten APT is targeting Iranian dissidents in Germany
- Police seize LOLEK bulletproof service for hosting malware
- Interpol takes down 16shop phishing-as-a-service platform
- Lapsus$ hackers took SIM-swapping attacks to the next level
Malware
- AgentTesla Malware Targets Users with Malicious Control Panel File
- New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
Misc.
- Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House's Cyber Initiatives
- Cyberresilienz: Mikrosegmentierung rückt in den Fokus
- How Teenagers Hacked Some Of The World's Biggest Targets
- Day 1 of Black Hat USA 2023 | Generative AI, Automation & The Security Landscape of Tomorrow
- Day 2 of Black Hat USA 2023 | Exploring The Power of a Threat Intel & AI-Driven Future
