Let's Talk About IT (23) - 17th July 2024

Vulnerabilities

• Ivanti Endpoint Manager SQLi Vulnerability Allows Remote Code Execution
• Atlassian Data Center & Server Flaw Let Hackers Execute Arbitrary Code
• Apache HugeGraph-Server RCE Vulnerability Under Active Attack
• Multiple Netgear Vulnerabilities Let Attackers Bypass Authentication
• WordPress Plugin Flaw Let Attackers Seize Administrative Control
• Vulnerability In Modern Events Calendar WordPress Plugin Actively Exploited
• ProfileGrid WordPress Plugin Vulnerability Could Allow Admin Access
• CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
• Juniper Junos Flaw Let Attackers Gain Full ‘Root’ Access
• Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
• Critical Exim Mali Server Vulnerability Impacts 1.5 Million Email Servers
• Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

TTP

• Beware of Fake Microsoft Teams That Deliver macOS Malware
• Beware! of New Phishing Tactics Mimic as HR Attacking Employees

Breaches

• Over 400,000 Life360 user phone numbers leaked via unsecured API
• Email addresses of 15 million Trello users leaked on hacking forum
• Massive Data of 361M Unique Emails & Passwords Up For Sale on Telegram
• BMW Hong Kong Faces Major Data Breach: 14,000 Customer Records Exposed

Note worthy

• Microsoft announces new Windows ‘checkpoint’ cumulative updates

Miscellaneous

• June Windows Server updates break Microsoft 365 Defender features

Stream Link

https://youtube.com/live/LfQHbWP4z_E?list=PLSJyoFloAkDo93fi_o0WJD9-gJzfpWizG