Welcome to Security Sunday – Week 35,
our weekly IT Security Recap (28. 8. — 3. 9. 2023)
We compile noteworthy news, incidents, and vulnerabilities from the past week, shedding light on the ongoing challenges in maintaining digital security.
Data Leak
IT Contractor Data Breach Affects 47,000 Met Police Personnel
https://www.hackread.com/it-contractor-data-breach-met-police-personnel/
Paramount discloses data breach following security incident.
https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/
Personal, Health Information of 1.2 Million Stolen in PurFoods Ransomware Attack.
https://www.securityweek.com/personal-health-information-of-1-2-million-stolen-in-purfoods-ransomware-attack/


Ransomware
MSSQL Databases Under Fire From FreeWorld Ransomware.
https://www.darkreading.com/attacks-breaches/mssql-databases-under-fire-from-freeworld-ransomware
Vulnerability
Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions.
https://thehackernews.com/2023/09/okta-warns-of-social-engineering.html
Exploit released for critical VMware SSH auth bypass vulnerability.
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-vmware-ssh-auth-bypass-vulnerability/
Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework
https://www.deepinstinct.com/blog/contain-yourself-staying-undetected-using-the-windows-container-isolation-framework
Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware.
https://www.hackread.com/hackers-adobe-coldfusion-vulnerabilities-malware/


Cyber Attack
Czech banks under attack, Polish banks also reported outages. A cyber DDoS attack from Russia is behind it.
https://czechdaily.cz/two-czech-banks-experience-service-outages-due-to-cyber-attacks/
Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom.
https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation
Hacking campaign brute-forces Cisco VPNs to breach networks.
https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
Hackers exploit critical Juniper RCE bug chain after PoC release
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-juniper-rce-bug-chain-after-poc-release/
Russian APT Intensifies Cyber Espionage Activities Amid Ukrainian Counter-Offensive.
https://www.infosecurity-magazine.com/news/russian-apt-cyber-espionage/
Social Engineering
New Research Exposes Airbnb as Breeding Ground For Cybercrime.
https://slashnext.com/blog/how-cybercriminals-abuse-airbnb-for-fraudulent-activities/
