Weekly Update 367
Presently sponsored by: EPAS by Detack. No EPAS protected password has ever been cracked and won’t be found in any…
Security
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software.…
Friday Squid Blogging: Protecting Cephalopods in Medical Research
From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do…
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach
China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked…
What Is mTLS? The Essential Guide You Can’t Afford to Miss
Intro: mTLS — The Unsung Hero of Cybersecurity Picture this: You’re a secret agent on a high-stakes mission. You have…
Misconfigured WBSC server leaks thousands of passports
The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly…
What is Elliptic Curve Cryptography (ECC) and How Does it Work?
The technological advancements that have come with the digital age have simplified life in several ways. Their key undoing, though,…
CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog
US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity…
Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109
Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS…
Dark Angels Team ransomware group hit Johnson Controls
Johnson Controls International suffered a ransomware attack that impacted the operations of the company and its subsidiaries. Johnson Controls International…