Today’s Cybersecurity update:
1. OKTA Customer Support Breach: The breach exposed data on 134 customers, including One Password, Beyond Trust, and Cloudflare. The breach was due to an OKTA employee's credentials being compromised, which led to the theft of session tokens and HR files containing session tokens.
2. Microsoft Exchange Vulnerabilities: Microsoft has patched four Exchange vulnerabilities that were disclosed by the Trend Micro Zero Day Initiative. These patches mean that there is no immediate need for concern regarding these particular vulnerabilities.
3. Atlassian Critical Bug: There is a critical vulnerability (CV 2023 22518) in the Confluence Data Center and server technology that requires immediate patching. Proof of concept exploit code for this vulnerability has become publicly available, and there have been observed attempts to exploit it.
4. Data Brokers Selling US Service Member Secrets: Researchers have found that data brokers are selling highly sensitive information about American military service members, veterans, and their families. This includes health and financial information, and it's a significant national security threat.
5. Cyber Warfare in Israel: The report discusses cyberattacks on Israeli educational and tech sector institutions by Iran and its proxies. Novel wipers and malware have been used in these attacks, and there's an effort to block Hamas's crypto financing to prevent further violence.
6. Looney Tunables Exploit: A privilege escalation vulnerability in the GNU library, known as Looney Tunables (CVE 2023-4111), has been exploited in cloud attacks, particularly targeting Linux distributions.
The video also mentions the ongoing conflict in Israel, with a focus on the cyber warfare aspect, and the use of cryptocurrency in financing terrorist activities. There is a call for immediate action to regulate the data broker industry due to the national security risks it poses. The video concludes with a reminder of the importance of patching vulnerabilities and monitoring for indicators of compromise (IOCs) to prevent becoming a victim of these security threats.
Story Links:
https://www.securityweek.com/looney-tunables-glibc-vulnerability-exploited-in-cloud-attacks/
https://www.darkreading.com/attacks-breaches/critical-atlassian-bug-exploit-immediate-patching
https://therecord.media/data-brokers-are-selling-military-secrets
https://thehackernews.com/2023/11/iranian-hackers-launches-destructive.html
https://twitter.com/HilzFuld/status/1721160996134302067
Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
******
Listen here: https://linktr.ee/cyberhubpodcast
SubStack:
******
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
#cybernews #infosec #cybersecurity #cyberhubpodcast #ciso #infosecnews #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #securitygang #informationsecurity #cyberattack #databreach #exploit #zeroday
Share this post