Updates
- October 2023 Microsoft Patch Tuesday Summary - SANS Internet Storm Center
- Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
- Microsoft Exchange gets ‘better’ patch to mitigate critical bug
- Microsoft warns of incorrect BitLocker encryption errors
- Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
- Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now
- Security Patch for Two New Flaws in Curl Library Arriving on October 11
- curl - SOCKS5 heap buffer overflow - CVE-2023-38545
- Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw
- New critical Citrix NetScaler flaw exposes 'sensitive' data
- Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
- NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
- CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server | Atlassian Support | Atlassian Documentation
- Juniper Networks Patches Over 30 Vulnerabilities in Junos OS
- SAP Releases 7 New Notes on October 2023 Patch Day
- CISA Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
- GNOME Linux systems exposed to RCE attacks via file downloads
- Cisco fixes hard-coded root credentials in Emergency Responder
- Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
Threats
- Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
- LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts
- D-Link WiFi range extender vulnerable to command injection attacks
- ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
- HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
- EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
- Exploits released for Linux flaw giving root on major distros
Incidents
- Unprotected customer data: Massive data leak at Vodafone?
- Sony sent data breach notifications to about 6,800 individuals
- Google & Co.: Tech giants fend off largest DDoS attack to date
- Air Europa hacked: Airline advises customers to block credit cards
Cyber Crime
- North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime
- Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
- Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike
Misc.
- CCC | Inform, discuss, learn: CCC invites you to the 37th Chaos Communication Congress in Hamburg
- NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA
- FBI shares AvosLocker ransomware technical details, defense tips
- Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
- NSA and CISA reveal top 10 cybersecurity misconfigurations
- Microsoft to kill off VBScript in Windows to block malware delivery