Let’s Talk About IT (UK IT & Cybersecurity Live Stream) - 3rd July 2024. Covering ITNews and CyberNews news over the last week. Vulnerabilities announced: OpenSSH, WordPress (and plugins), Splunk, Cisco switches, TP-Link, Toshiba printers, Juinper, D-Link, Gitlab and more. How hackers are using Google ads and fakes sites to trick you. Breaches announced: TeamViewer, Prudential Financial, Affirm, and NHS… Who is launching a free privacy focused Google Docs alternative?
Vulnerabilities
- New regreSSHion OpenSSH RCE bug gives root on Linux servers
- regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability | Splunk
- WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws
- Critical WordPress Plugin Flaw Exposes 90,000+ WordPress Sites
- Multiple Flaws in Splunk Enterprise Let Attackers Execute Arbitrary Code
- Cisco NX-OS Zero-Day Command Injection Vulnerability Let Hackers Gain Root Access
- Patch These Compromised WordPress Plugins Asap To Avoid Attacks
- Multiple TP-Link Omada Vulnerabilities Let Attackers Execute Remote Code
- Android’s July 2024 Security Update: 27 vulnerabilities Patched
- Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
- Juniper releases out-of-cycle fix for max severity auth bypass flaw
- Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
- Critical GitLab bug lets attackers run pipelines as any user
- Ollama AI Platform Flaw Let Attackers Execute Remote Code
TTP
- Hackers Using Google Ads To Deliver ‘Poseidon’ Mac Stealer
- Fake IT support sites push malicious PowerShell scripts as Windows fixes
- New InnoSetup Malware posing As MS Office Crack To Evade detection
- Hackers Leveraging CHM Files To Attack Users With Password-Protected Zip Files
- Telegram Users Beware! SpyMax RAT Attacking to Steal Sensitive Data
- Beware Of “TRANSLATEXT” Chrome Extension From North Korean Hackers
- Hackers Attacking Users with Apple IDs Via Malicious SMS
- Booking.com warns of up to 900% increase in travel scams
Breaches
- TeamViewer Confirms that Russian Actors Behind the Recent Hack
- LockBit lied: Stolen data is from a bank, not US Federal Reserve
- Microsoft Alerts More Users in Update to Midnight Blizzard Hack
- Prudential Financial Hack: 2.5M Individuals Impacted
- Affirm says cardholders impacted by Evolve Bank data breach
- Stolen test data and NHS numbers published by hospital hackers