Summary:
Chilly Weather Start: The CyberHub podcast episode begins with a casual mention of the cold weather in Georgia, setting a friendly tone before diving into serious cybersecurity topics.
The host, James Azar, mentions an upcoming article on Substack that offers a fresh perspective on ransomware, scheduled for release tomorrow.
- Critical Citrix Update: Citrix urgently advises customers to patch their NetScaler ADC and Gateway appliances. Two actively exploited zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549) could lead to remote code execution and denial-of-service attacks under certain conditions.
- Google Chrome Urgent Update: Google has released an update for the Chrome browser to fix three high-severity defects, including an out-of-bounds memory access issue in the V8 JavaScript engine (CVE-2024-0519), already exploited in the wild.
- AndroxGh0st Botnet Alert: The FBI and CISA issue an advisory about the AndroxGh0st botnet, a Python-scripted malware targeting cloud credentials. Initially identified in 2022, it exploits vulnerabilities in various web frameworks and servers.
- GitHub Credential Rotation: GitHub rotates credentials following a vulnerability discovery in December last year that could expose login information. Although the issue was contained, GitHub took precautionary measures.
- Oracle Security Patches: Oracle announces 389 new security patches, including updates for critical vulnerabilities across numerous products like E-Business Suite, Analytics, Java SE, and more.
- Atlassian Confluence Vulnerability: A critical remote code execution vulnerability (CVE-2023-22527) affects Atlassian's Confluence Data Center and Server versions released before December 5th, 2023.
- Iranian Cyber Espionage Campaign: The episode discusses an Iranian cyber espionage campaign targeting families of hostages held by Hamas. Fake online profiles and other tactics are used for intelligence gathering in Israel.
- Cybersecurity Funding Trends: Venture funding for cybersecurity startups has hit a two-year low. The total funds raised in 2023 were significantly lower than in the previous year, indicating a trend towards more selective investment in the sector.
Wrap-Up: The podcast concludes with a reminder for the audience to subscribe and stay cyber safe, hinting at more insightful discussions in upcoming episodes.
Show Notes and Story Links:
https://www.securityweek.com/google-warns-of-chrome-browser-zero-day-being-exploited/
https://www.securityweek.com/github-rotates-credentials-in-response-to-vulnerability/
https://www.securityweek.com/oracle-patches-200-vulnerabilities-with-january-2024-cpu/
https://www.jpost.com/israel-hamas-war/article-782239?utm
https://news.crunchbase.com/cybersecurity/funding-drops-eoy-2023/
Thank you for watching, and please don't forget to like this video and subscribe to my channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
******
Listen here: https://linktr.ee/cyberhubpodcast
Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.