All posts tagged hack

■■■□□ Privacy: State-sponsored Cyber-Crime group NSO from Israel hacked new Pegasus victims weeks after Apple sought injunction. Jordanian journalists, lawyers and human rights defenders were targeted with spyware. https://techcrunch.com/2022/04/05/nso-pegasus-jordan-apple/ https://t.me/cKure/11152

■■□□□ Zero-Day: Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software. https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls-vpns-vulnerable-to-openssl-bug/ https://t.me/cKure/11151

■■■■□ Data-Leak: Panasonic Canada was hit by Conti Ransomware group, and part of the data has started to leak. https://t.me/cKure/11150

■■■■□ Cyber-Attack on Israel as Israeli officials are being catfished by AridViper hackers. APT-C-23, Desert Falcon (active in middle-east region) is targeting high-ranking individuals in defense, law, and emergency services. https://www.zdnet.com/article/israeli-officials-are-being-spied-on-by-aridviper-hackers/ https://t.me/cKure/11148

■■■■■ Hacking DICOM: the hospital standard. https://www.securityartwork.es/2022/04/05/hacking-dicom-the-hospital-standard-2/ https://t.me/cKure/11147

■□□□□ Corsha, a Washington, D.C.-based cybersecurity startup, has secured a $12 million Series A investment to bring multi-factor authentication (MFA) to machine-to-machine API traffic. https://techcrunch.com/2022/04/05/corsha-mfa-api-traffic/ https://t.me/cKure/11146

■■■■□ Update! Spring4Shell Zero-Day Vulnerability CVE-2022-22965: All You Need To Know. https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html https://jfrog.com/blog/springshell-zero-day-vulnerability-all-you-need-to-know/ https://t.me/cKure/11145

■■□□□ Zoom’s Bug Bounty Programs Soar to $1.8M. https://t.me/cKure/11144

■■■□□ On April 6, 2022 VMware released VMSA-2022-0011, a critical advisory addressing security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. https://core.vmware.com/vmsa-2022-0011-questions-answers-faq#section1 https://t.me/cKure/11143

■■■■□ CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30. https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html https://www.forbes.com/sites/gordonkelly/2022/04/05/google-chrome-warning-new-hack-attack-vulnerability-upgrade-chrome-now/?sh=62a84d66341d https://t.me/cKure/11142