Eric and Pinky are back with another session of the Hackle Box—a monthly conversation between the information security experts about new and noteworthy exploits.

Discussed this month:

Windows zero-day exploited in the wild https://projecthyphae.com/threat/windows-zero-day-being-exploited-in-ransomware-attacks/

3CX Supply Chain Attack https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html

No evidence of…oh wait, your data was stolen (Yum! Brands breach) https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/

Patch quick hits

Adobe: https://www.cisa.gov/news-events/alerts/2023/04/11/adobe-releases-security-updates-multiple-products

Apple: https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-update-iphones-macs-by-may-1st/

Cisco: https://www.cisa.gov/news-events/alerts/2023/03/23/cisco-releases-security-advisories-multiple-products

Fortinet: https://www.cisa.gov/news-events/alerts/2023/04/11/fortinet-releases-april-2023-vulnerability-advisories

Microsoft: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/

SAP: https://www.bleepingcomputer.com/news/security/sap-releases-security-updates-for-two-critical-severity-flaws/

Follow us on social!
Facebook: https://www.facebook.com/frsecure/
Twitter: https://twitter.com/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
LinkedIn: https://www.linkedin.com/company/frsecure/