Security News Headlines #80

Today's headlines cover a range of topics from WordPress vulnerabilities to critical infrastructure threats and new malware attacks. Let's dive into the critical stories that are shaping the security landscape.

The FBI and CISA, along with international partners, have released an advisory detailing ongoing North Korean cyber espionage activities. The advisory highlights tactics, techniques, and procedures used by North Korean threat actors. Organizations are urged to strengthen their defenses and remain vigilant.

CISA has issued two new advisories for industrial control systems (ICS), addressing vulnerabilities that could be exploited by attackers. ICS operators should review these advisories and implement the recommended security measures to protect their systems from potential threats.

Truffle Security has discovered that deleted and private repository data on GitHub can still be accessed. This vulnerability poses significant risks to sensitive information. GitHub users should review their repositories' privacy settings and remove any sensitive data from past commits.

A widespread cyberattack is targeting exposed Remote Desktop Protocol (RDP) services, attempting to gain unauthorized access to systems. Administrators are advised to secure RDP services by implementing strong authentication mechanisms and limiting access to trusted IP addresses.

Google has released updates for Chrome, addressing five high-risk security vulnerabilities affecting both desktop and mobile versions. Users are urged to update their browsers to the latest version to protect against potential exploits.

New malware, dubbed Stargazers Goblin, has been found on GitHub, targeting developers and users of the platform. The malware can steal credentials and sensitive data from infected systems. GitHub users should be cautious when downloading and running code from unknown sources.

A new vulnerability, named PKFail, allows attackers to bypass Secure Boot and install UEFI malware. This flaw affects numerous devices, compromising their integrity at a fundamental level. Device manufacturers and users should apply the latest firmware updates to mitigate this risk.

Columbus, Ohio, has experienced a significant cyber incident involving ransomware. The attack has disrupted various city services, highlighting the ongoing threat of ransomware to public sector organizations. City officials are working to restore affected systems and services.

Google is enhancing Chrome's Safe Browsing protection to include scanning of password-protected files. This update aims to provide better security against malicious downloads. Users can expect improved protection from malware and phishing attempts.

Threat actors are reviving Internet Explorer to exploit vulnerabilities and lure in Windows users. This tactic targets systems that still have the legacy browser installed. Users are advised to remove Internet Explorer and use modern, secure browsers.

Researchers have identified multiple vulnerabilities in the Deep Sea Electronics DSE855, a controller used in various industrial applications. These flaws could allow attackers to disrupt operations or gain unauthorized access. Affected organizations should apply the latest patches and secure their systems.

A critical vulnerability has been discovered in Telerik Report Server, allowing attackers to execute arbitrary code. This flaw poses a significant risk to organizations using the software. Users should update to the latest version to protect against potential exploits.

CrowdStrike has identified a new info-stealer malware, Lumma, targeting Windows systems. The malware is designed to steal sensitive information such as credentials and financial data. Users are advised to update their security solutions and monitor for any signs of infection.

Federal agencies have issued warnings about ongoing North Korean cyberattacks targeting US critical infrastructure. These attacks aim to disrupt essential services and steal sensitive information. Organizations in critical sectors should bolster their defenses and remain vigilant.

Researchers have found that Secure Boot is completely compromised on over 200 models from five major device makers. This vulnerability allows attackers to bypass security checks and load malicious firmware. Users should check for updates from device manufacturers to mitigate this issue.

Critical remote code execution (RCE) vulnerabilities in ServiceNow are being actively exploited to steal credentials. These flaws pose a significant risk to organizations using the platform. Immediate patching is recommended to secure affected systems.

Future Outlook

The continuous discovery of new vulnerabilities and sophisticated attack techniques highlights the necessity for proactive security measures. Organizations must stay updated with the latest patches, enhance their defenses, and educate their teams to mitigate evolving cyber threats.
