InfoSecBulletin Cybersecurity for mankind
*About 5,000 Okta employees had their data accessed during a third-party data breach on October 12. The breach involved stolen information, including names, Social Security numbers, and medical insurance details of both current and former employees.
*The AP News website was down because of a DDoS attack. Only some pages and story links didn’t load, but the delivery to customers and mobile apps worked fine.
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
*MITRE has released version 14 of the ATT&CK framework. It includes improvements to detections and ICS and mobile matrices. The new version covers a total of 760 software, 143 activity groups, and 24 campaigns in enterprise, mobile, and ICS matrices.
*48 malicious packages were found in the npm repository. These packages can deploy a reverse shell on compromised systems. They used legitimate names to deceive users.
