Börzel IT
Updates
- Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
- Microsoft Patch Tuesday security updates fixed 3 actively exploited flaws
- Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
- CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog
- CISA warns of actively exploited Windows, Sophos, and Oracle bugs
- SAP Patches Critical Vulnerability in Business One Product
- Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion
- Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw
- A critical OS command injection flaw affects Fortinet FortiSIEM
- WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
- Exploit for CrushFTP RCE chain released, patch now
- Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
- Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass
Threats
- VMware discloses critical VCD Appliance auth bypass with no patch
- Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability
- New SSH Vulnerability - Schneier on Security
- In a first, cryptographic keys protecting SSH connections stolen in new attack
- Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
- Datenabfluss möglich: Mein Justizpostfach erlaubte Zugriff auf fremde Daten
- ChatGPT Is Apparently a Great Surveillance Tool
- Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
- Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
- Attacker Hidden in Plain Sight for Nearly Six Months, Targeting Python Developers
- Israel warns of BiBi wiper attacks targeting Linux and Windows
- MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet
Incidents
- Clorox CISO flushes self after multimillion-dollar attack
- Ransomware gang files SEC complaint over victim’s undisclosed breach
- Illegale Krypto-Mining-Rigs im polnischen Obersten Verwaltungsgericht gefunden
- New Samsung data breach impacts UK store customers
- Toyota confirms breach after Medusa ransomware threatens to leak data
Cyber Crime
- Meet the Unique New "Hacking" Group: AlphaLock
- New Ransomware Group Emerges with Hive's Source Code and Infrastructure
- CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
