Invinsense Cybersecurity Newsletter 31-Jan-22


Patch Notes

  • Oracle to Release Nearly 500 New Security Patches

  • Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

  • Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

  • F5 fixes high-risk NGINX Controller vulnerability in January patch rollout

  • RCE bug chain patched in CentOS Web Panel

  • GitHub Actions flaw that allowed code to be approved without review is addressed with new feature rollout

Cyber Attacks

  • Red Cross suffers cyber-attack – data of 515,000 ‘highly vulnerable’ people exposed BitLocker encryption: Clear text key storage prompts security debate online

  • OpenSubtitles data breach: Users asked to re-secure accounts after plaintext password snafu

  • Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

  • A Trip to the Dark Site — Leak Sites Analyzed

  • Chain of vulnerabilities led to RCE on Cisco Prime servers

  • Linux kernel bug can let hackers escape Kubernetes containers

Malware and Vulnerabilities

  • Microsoft Edge Adds Security Mode to Thwart Malware Attacks

  • Zoom vulnerabilities impact clients, MMR servers

  • McAfee Agent bug lets hackers run code with Windows SYSTEM privileges

  • New Night Sky Ransomware Enters Corporate Ransom Attack Scene

  • Attackers Abusing Microsoft and AWS Public Cloud Services to Spread RATs

  • New DazzleSpy malware targets macOS users in watering hole attack

Cyber Tech

  • Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software

  • COVID19 Phishing Emails Surge 500% on Omicron Concerns

  • ThePhish: ‘the most complete’ non-commercial phishing email analysis tool

  • Android security tool APKLeaks patches critical vulnerability

Download Newsletter