Weekly Update 364
Presently sponsored by: Fastmail. Check out Masked Email, built with 1Password. One click gets you a unique email address for…
Security
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security…
Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital
The Ragnar Locker ransomware gang added Israel’s Mayanei Hayeshua hospital to the list of victims on its Tor leak site…
2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery
Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a…
North Korea-linked threat actors target cybersecurity experts with a zero-day
North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat…
Friday Squid Blogging: Glass Squid Video
Here’s a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid…
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns…
Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns
U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S.…
LLMs and Tool Use
Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of…
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at…