Latest News Articles



--- TLP:WHITE ---

News

− Telegram for Android hit by a zero-day exploit

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos.

https://www.welivesecurity.com/en/videos/telegram-android-hit-zero-day-exploit-week-security-tony-anscombe/

− Twitter begins training Grok AI with your posts, here's how to disable

Twitter has quietly begun training its Grok AI chat platform using members' public posts without first alerting anyone that it is doing it by default.

https://www.bleepingcomputer.com/news/security/x-begins-training-grok-ai-with-your-posts-heres-how-to-disable/

− Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks.

https://www.bleepingcomputer.com/news/microsoft/microsoft-ransomware-gangs-exploit-vmware-esxi-auth-bypass-in-attacks/

− UK Electoral Commission reprimanded for basic cybersecurity fails

The Information Commissioner (the Commissioner) issues a reprimand to The Electoral Commission in accordance with Article 58(2)(b) of the UK General Data Protection Regulation in respect of certain infringements of the UK GDPR.

https://ico.org.uk/media/action-weve-taken/reprimands/4030454/the-electoral-commission-reprimand.pdf

− Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader.

https://thehackernews.com/2024/07/cyber-espionage-group-xdspy-targets.html

Vulnerabilities

− High Severity vulnerability in Progress MOVEit Transfer

An improper high severity authentication vulnerability has been discovered in Progress MOVEit Transfer (SFTP module) that can lead to privilege escalation if exploited.

https://www.ncsc.gov.ie/pdfs/2407300164_Vuln_Progress_MOVEit.pdf

Community News

− Building cyber-resilience: Lessons learned from the CrowdStrike incident

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances.

https://www.welivesecurity.com/en/cybersecurity/building-cyber-resilience-lessons-learned-crowdstrike-incident/

--- TLP:WHITE ---