Security Bundle

"Sandbox Escape Vulnerabilities in Judge0 expose systems to completer takeover."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 29 April 2024, 1344 UTC.

Content and Source:  https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895/Security News Bundle.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

28

MOST POPULAR

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

2 TTPs

•

78The Hacker News / 2h

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian

UK lays down fresh legislation banning crummy default device passwords

New laws in UK protect consumers from cyber

•

The Register – Security / 1h

New laws mean vendors need to make clear how long you'll get updates too Smart device manufacturers will have to play by new rules in the UK as of today, with laws coming into force to make it more difficult for cybercriminals to break into hardware such as phones and tablets.…

Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People

SecurityWeek / 2h

Financial Business and Consumer Solutions (FBCS) says compromised information may include names, dates of birth, Social Security numbers, and account information. The post appeared first on SecurityWeek .

TODAY

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

FBCS data breach impacts 2M individuals

•

Security Affairs / 8min

Financial Business and Consumer Solutions (FBCS) suffered a data breach that exposed information 2 million individuals. Debt collection agency Financial Business and Consumer Solutions (FBCS) disclosed a data breach that may have impacted 1,955,385 individuals. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on be

France willing to buy key Atos assets to keep them French

France moves to acquire Atos

•

The Register – Security / 43min

Finance minister says government has interests in IT giant's 'sovereign activities' The French government has tabled an offer to buy key assets of ailing IT giant Atos after the company late last week almost doubled its estimate of the cash it will need to stay afloat in the near future.…

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

45The Hacker News / 1h

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

Okta warns of credential stuffing

•

SecurityWeek / 2h

Okta warned of a spike in credential stuffing attacks using anonymizing services such as Tor, DataImpulse, Luminati, and NSocks. The post appeared first on SecurityWeek .

Cyber-Partisans hacktivists claim to have breached Belarus KGB

Belarusian hackers breach KGB security

•

Security Affairs / 3h

A Belarusian group of activist group claims to have infiltrated the network of the country’s main KGB agency. The Belarusian hacktivist group Cyber-Partisans claims to have infiltrated the network of the country’s main KGB security agency. The hackers had access to personnel files of over 8,600 employees. #belarus #kgb got hacked by @cpartisans . The KGB website is down for 2months. KGB database

Watchdog reveals lingering Google Privacy Sandbox worries

Google delays third-party cookie deprecation

•

The Register – Security / 3h

Ad tech rewrite to replace web cookies still not to regulatory taste The UK Competition and Markets Authority (CMA) still has privacy and competition concerns about Google's Privacy Sandbox advertising toolkit, which explains why the ad giant recently again delayed its plan to drop third-party cookies in Chrome until 2025.…

CISA unveils guidelines for AI and critical infrastructure

CyberScoop / 3h

The post appeared first on CyberScoop .

YESTERDAY

The Los Angeles County Department of Health Services disclosed a data breach

LA County Health Services data breach phishing

•

Security Affairs / 5h

The Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients’ personal and health information. that impacted thousands of patients. Patients’ personal and health information was exposed after a phishing attack impacted over two dozen employees. Los Angeles County Department of Health Services operates the public hospitals and clinics in Los Angel

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Command and Scripting Interpreter (Enterprise T1059)

•

Security Affairs / 6h

Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances. Multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application could potentially compromise affected appliances. The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 (i

The next step up for high-impact identity authorization

The Register – Security / 10h

How SSH Communications Security cuts through the hype around Zero Trust to secure the connections that matter Sponsored Feature As business enters the 2020s, organizations find themselves protecting fast-expanding digital estates using security concepts that are decades old.…

Discord dismantles Spy.pet site that snooped on millions of users

3 TTPs

•

The Register – Security / 11h

ALSO: Infostealer spotted hiding in CDN cache, antivirus update hijacked to deliver virus, and some critical vulns Updated - Infosec in brief They say sunlight is the best disinfectant, and that appears to have been true in the case of Discord data harvesting site Spy.pet – as it was recently and swiftly dismantled after its existence and purpose became known.…

ICICI Bank exposed credit card data of 17000 customers

ICICI Bank iMobile app glitch reported

•

Security Affairs / 16h

ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients. ICICI Bank, one of the leading private banks in India, accidentally exposed data of thousands of new credit cards to customers who were not the intended recipients. ICICI Bank Limited is an Indian multinational bank and financial services company headquartere

Hackers Claim to Have Infiltrated Belarus’ Main Security Service

Belarusian hackers breach KGB security

•

SecurityWeek / 20h

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees. The post appeared first on SecurityWeek .

US Post Office phishing sites get as much traffic as the real one

68BleepingComputer / 21h

Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. [...]

Google Chrome's new post-quantum cryptography may break TLS connections

300+BleepingComputer / 21h

Some ​Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. [...]

Okta warns of unprecedented scale in credential stuffing attacks on online services

5 TTPs

•

Security Affairs / 22h

•

Okta warns of credential stuffing

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools. “Over the last month, Ok

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

5 TTPs

•

31The Hacker News / 23h

•

Okta warns of credential stuffing

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs / 1d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the