Lets Talk About IT 18 - Wed 12th June 2024

Live Streams
1

Vulnerabilities

  1. Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
  2. Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw
  3. Critical Microsoft Outlook Zero-Click RCE Flaw Executes as Email is Opened
  4. New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes
  5. PHP Updates Urged Over Critical Vuln That Could Lead To RCE
  6. VLC Media Player Vulnerabilities Allow Remote Code Execution
  7. JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
  8. VS Code Marketplace Flaw Let Attackers Include Malicious Extensions
  9. TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
  10. Popular Biometric Terminal Vulnerable To QR Code SQL Injection
  11. Check-in terminals used by thousands of hotels leak guest info
  12. Arm Warns Of Mali GPU Kernel Driver Flaws Exploited In The Wild
  13. Netgear WNR614 flaws allow device takeover, no fix available
  14. Quit Using EmailGPT as Vulnerability Risks Users Data
  15. Exploit for critical Veeam auth bypass available, patch now
  16. Hackers Attack ThinkPHP By Injecting Payload From Remote Servers
  17. PoC Exploit Released for High Severity Apache HugeGraph RCE flaw
  18. CISA Urges Administrators To Review Newly Released Six ICS Advisories
  19. Bitdefender GravityZone Flaw Let Hackers Launch SSRF Attacks
  20. Huge Surge in Attacks Exploiting Check Point VPN Zero-Day Vulnerability

TTP

  1. ComfyUI Users Targeted by Malicious Code Designed to Steal Login Credentials
  2. Safari, Microsoft Edge, & DuckDuckGo Spoofing Flaws Impacting Millions of Users
  3. Chinese hackers breached 20,000 FortiGate systems worldwide
  4. New Warmcookie Windows backdoor pushed via fake job offers
  5. Hackers Used Homemade Mobile Antenna To Send Thousands Of Smishing Messages
  6. Gitloker attacks abuse GitHub notifications to push malicious OAuth apps
  7. Free Android VPNs Suffering Encryption Failures, New Report
  8. APT Hackers Abusing Google & OneDrive To Host Malicious Scripts
  9. SSLoad Malware Employs MSI Installer To Kick-Start Delivery Chain
  10. Chinese Hackers using New Noodle RAT to Attack Linux Servers
  11. Hackers Weaponizing MSC Files In Targeted Attack Campaign
  12. Hackers Using OTP Bots To Bypass Two-Factor Authentication
  13. Beware of Fake Google Chrome Update Pop-Ups that Installs Malware

Breaches

  1. Pure Storage Data Breach Following Snowflake Hack: LDAP Usernames, Email Addresses Exposed
  2. Cylance confirms data breach linked to ‘third-party’ platform
  3. 23andMe data breach under investigation in UK and Canada
  4. Frontier warns 750,000 of a data breach after extortion threats
  5. Christie’s Says Ransomware Attack Impacts 45,000 People

Note worthy

  1. Windows 11 KB5039212 update released with 37 changes, fixes
  2. Windows 10 KB5039211 update released with new feature, 12 fixes
  3. Fortinet to Acquire AI-Powered Cloud Security Platform Lacework
  4. Apple set to launch a new password management app for iPhone and Mac Users
  5. Microsoft makes Windows Recall opt-in, secures data with Windows Hello
  6. Spam Blocklist SORBS Closed By Its Owner, Proofpoint

Miscellaneous

  1. Firefox 127 Released With patch for 15 Vulnerabilities
  2. Chrome 126 Released With Patch For 21 Security Flaws
  3. Kali Linux 2024.2 Released With New Hacking Tools
  4. Parrot Security OS 6.1 Released – What’s New

Stream Link

https://youtube.com/live/qgMnkIK4L7s?list=PLSJyoFloAkDo93fi_o0WJD9-gJzfpWizG