Let's Talk About IT 16 - May 29th 2024

Live Streams
1

Vulnerabilities

  1. Check Point releases emergency fix for VPN zero-day exploited in attacks
  2. Foxit PDF Reader and Editor Flaw Let Attackers Escalate Privilege
  3. PoC Exploit Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
  4. GitLab XSS Vulnerability Could Allow Account Takeover
  5. Multiple Vulnerabilities Found In Cacti Network Monitoring Tool
  6. Hackers Exploit WordPress Plugin to Steal Credit Card Data
  7. DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn
  8. PoC Exploit Released For macOS Privilege Escalation Vulnerability
  9. Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability
  10. TP-Link fixes critical RCE bug in popular C5400X gaming router
  11. GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials
  12. Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks
  13. Hackers Advertising Pulse Connect Secure VPN RCE 0-Day
  14. More on Ivanti Connect Secure: Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 | Rapid7 Blog
  15. LangChain JS Framework Vulnerability Let Hackers Read Arbitrary File on Servers
  16. Google Patched Another Chrome Zero-Day Under Active Attack
  17. Hackers Backdoored Courtroom Video Recording Software With System Hijacking Malware

TTP

  1. Hackers Using Greatness PaaS tool to Steal Microsoft 365 Login Credentials
  2. Hackers phish finance orgs using trojanized Minesweeper clone
  3. Beware of Fake Antivirus Websites Delivering Windows & Android Malware

Breaches

  1. Hackers Claim Ticketmaster Data Breach: 560M User Details and Payment Card Exposed
  2. Google won’t comment on a potentially massive search leak

Noteworthy

  1. OPNsense Roadmap - Planned enhancements and innovations
  2. https://ghostbsd.org/news/GhostBSD_24.04.1_Is_Now_Available

Miscellaneous

  1. PayPal is building an ad network based on your Venmo data
  2. YouTube rolls out its new Playables games to all users
  3. Ad blocker users say YouTube videos are now skipping to the end
  4. WhatsApp Chats Vulnerable To Government Monitoring – Report
  5. NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers
  6. Ransomhub Attacking Industrial Control Systems To Encrypt And Exfiltrate Data

Stream Link

https://youtube.com/live/wVhDnG7eAYw?list=PLSJyoFloAkDo93fi_o0WJD9-gJzfpWizG