Infosec Overnights - Daily Security News

Follina’s Tuesday Patch, Hertzbleed Attack, Mighty Bot, and more.



A daily look at the relevant information security news from overnight - 15 June, 2022

Episode 245 - 15 June 2022

Follina’s Tuesday Patch -
https://www.zdnet.com/article/microsoft-june-2022-patch-tuesday-55-fixes-remote-code-execution-in-abundance/

Hertzbleed Attack -
https://www.securityweek.com/new-hertzbleed-remote-side-channel-attack-affects-intel-amd-processors

Travis Exposed Tokens -
https://www.bleepingcomputer.com/news/security/thousands-of-github-aws-docker-tokens-exposed-in-travis-ci-logs/

Citrix ADM Error -
https://www.securityweek.com/attackers-can-exploit-critical-citrix-adm-vulnerability-reset-admin-passwords

Linux Panchan Bot -
https://www.bleepingcomputer.com/news/security/new-go-botnet-panchan-spreading-rapidly-in-education-networks/

Mighty Bot -
https://www.zdnet.com/article/a-tiny-botnet-launched-the-largest-ddos-attack-on-record/

Hi, I’m Paul Torgersen. It’s Wednesday June 15th, 2022, and this is a look at the information security news from overnight.

From ZDNet.com:
June Patch Tuesday is a popular one with everyone from Siemens to Schneider to Adobe to SAP rolling out updates. In fact, 141 updates just from those four. The one I am going to call out is Microsoft. Redmond rolled out 55 fixes, that’s down from 74 last month, and only three of which are critical, but one of those is a fix for the Follina zero-day. At long last. Get your patch on, kids.

From SecurityWeek.com:
Researchers have identified a new side-channel attack that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack they are calling Hertzbleed. This impacts devices powered by Intel and AMD and possibly others. Details in the article.

From BleepingComputer.com:
The Travis CI platform, which is used for software development and testing, has exposed user data containing tens of thousands of authentication tokens for GitHub, AWS, and Docker Hub. Aqua Security, who discovered the flaw, shared their findings with Travis hoping for a fix, but they were told that the issue was “by design” and left the data exposed.

From SecurityWeek.com:
Citrix has warned of a critical vulnerability in their Citrix Application Delivery Management that could essentially allow an attacker to trigger an administrator password reset at the next reboot. The vulnerabilities impact all supported versions of Citrix ADM server and Citrix ADM agent. Customers will need to update the server as well as all associated agents. The company says it has already taken care of the ADM cloud service and no additional action is required there.

From BleepingComputer.com:
A new peer-to-peer botnet named Panchan has popped up targeting Linux servers in the education sector to mine crypto. It is empowered with SSH worm functions to move laterally within the compromised network, and has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically...

Infosec Overnights - Daily Security News
By Paul Torgersen