Sign up to save your podcasts
Or
Share Lilith Not-Fair, Retbleed Spectre, Bandai Namco Gamed, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Lilith Not-Fair, Retbleed Spectre, Bandai Namco Gamed, and more.
A daily look at the relevant information security news from overnight - 14 July, 2022
Episode 265 - 14 July 2022
Lilith Not-Fair- https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
Retbleed Spectre -
https://www.securityweek.com/retbleed-new-speculative-execution-attack-targets-intel-amd-processors
AWS Kubernetes Flaw -
https://portswigger.net/daily-swig/vulnerability-in-aws-iam-authenticator-for-kubernetes-could-allow-user-impersonation-privilege-escalation-attacks
Teams Sticker Shock- https://portswigger.net/daily-swig/microsoft-teams-security-vulnerability-left-users-open-to-xss-via-flawed-stickers-feature
Bandai Namco Gamed -
https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/
Hi, I’m Paul Torgersen. It’s Thursday July 14th 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
There’s a new ransomware group that has just hit the scene named Lilith. They have created the standard double-extortion leak site and added their first victim, a large construction group in South America, which has since been removed from the site. Analysis of the new family shows it does not appear to introduce any novelties, but another someone to keep an eye on. Details in the article.
From SecurityWeek.com:
Researchers have devised a new speculative execution attack called Retbleed, that can lead to information leaks and works on both Intel and AMD processors. The attack targets retpolines, or return trampolines, which was one of the defenses proposed in back 2018 to mitigate the Spectre side-channel attacks. You can see all the details and a link to the research paper in the article.
From PortSwigger.net:
A vulnerability in AWS IAM Authenticator for Kubernetes could allow a malicious actor to impersonate other users and escalate privileges in Kubernetes clusters. This impacts Elastic Kubernetes Service clusters configured with the AccessKeyID template parameter. If this is you, make sure you are running version 0.5.9.
Also from PortSwigger.net:
Attackers could abuse the sticker feature in Microsoft Teams to conduct cross-site scripting attacks. The Teams platform converts stickers into an image and uploads the content as RichText/HTML in the subsequent message. This can be manipulated for a potential HTML injection attack against multiple domains. All the sticky details in the article.
And last today, from BleepingComputer.com
Japanese game publishing giant Bandai Namco has confirmed that they suffered a cyberattack. The BlackCat ransomware gang has claimed responsibility for the attack on their data leak site. The company says the breach occurred on July 3rd to their internal systems in Asian regions other than Japan, and they are still evaluating the scope and type of information compromised.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
Episode 265 - 14 July 2022
Lilith Not-Fair- https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
Retbleed Spectre -
https://www.securityweek.com/retbleed-new-speculative-execution-attack-targets-intel-amd-processors
AWS Kubernetes Flaw -
https://portswigger.net/daily-swig/vulnerability-in-aws-iam-authenticator-for-kubernetes-could-allow-user-impersonation-privilege-escalation-attacks
Teams Sticker Shock- https://portswigger.net/daily-swig/microsoft-teams-security-vulnerability-left-users-open-to-xss-via-flawed-stickers-feature
Bandai Namco Gamed -
https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/
Hi, I’m Paul Torgersen. It’s Thursday July 14th 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
There’s a new ransomware group that has just hit the scene named Lilith. They have created the standard double-extortion leak site and added their first victim, a large construction group in South America, which has since been removed from the site. Analysis of the new family shows it does not appear to introduce any novelties, but another someone to keep an eye on. Details in the article.
From SecurityWeek.com:
Researchers have devised a new speculative execution attack called Retbleed, that can lead to information leaks and works on both Intel and AMD processors. The attack targets retpolines, or return trampolines, which was one of the defenses proposed in back 2018 to mitigate the Spectre side-channel attacks. You can see all the details and a link to the research paper in the article.
From PortSwigger.net:
A vulnerability in AWS IAM Authenticator for Kubernetes could allow a malicious actor to impersonate other users and escalate privileges in Kubernetes clusters. This impacts Elastic Kubernetes Service clusters configured with the AccessKeyID template parameter. If this is you, make sure you are running version 0.5.9.
Also from PortSwigger.net:
Attackers could abuse the sticker feature in Microsoft Teams to conduct cross-site scripting attacks. The Teams platform converts stickers into an image and uploads the content as RichText/HTML in the subsequent message. This can be manipulated for a potential HTML injection attack against multiple domains. All the sticky details in the article.
And last today, from BleepingComputer.com
Japanese game publishing giant Bandai Namco has confirmed that they suffered a cyberattack. The BlackCat ransomware gang has claimed responsibility for the attack on their data leak site. The company says the breach occurred on July 3rd to their internal systems in Asian regions other than Japan, and they are still evaluating the scope and type of information compromised.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight - 14 July, 2022
Episode 265 - 14 July 2022
Lilith Not-Fair- https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
Retbleed Spectre -
https://www.securityweek.com/retbleed-new-speculative-execution-attack-targets-intel-amd-processors
AWS Kubernetes Flaw -
https://portswigger.net/daily-swig/vulnerability-in-aws-iam-authenticator-for-kubernetes-could-allow-user-impersonation-privilege-escalation-attacks
Teams Sticker Shock- https://portswigger.net/daily-swig/microsoft-teams-security-vulnerability-left-users-open-to-xss-via-flawed-stickers-feature
Bandai Namco Gamed -
https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/
Hi, I’m Paul Torgersen. It’s Thursday July 14th 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
There’s a new ransomware group that has just hit the scene named Lilith. They have created the standard double-extortion leak site and added their first victim, a large construction group in South America, which has since been removed from the site. Analysis of the new family shows it does not appear to introduce any novelties, but another someone to keep an eye on. Details in the article.
From SecurityWeek.com:
Researchers have devised a new speculative execution attack called Retbleed, that can lead to information leaks and works on both Intel and AMD processors. The attack targets retpolines, or return trampolines, which was one of the defenses proposed in back 2018 to mitigate the Spectre side-channel attacks. You can see all the details and a link to the research paper in the article.
From PortSwigger.net:
A vulnerability in AWS IAM Authenticator for Kubernetes could allow a malicious actor to impersonate other users and escalate privileges in Kubernetes clusters. This impacts Elastic Kubernetes Service clusters configured with the AccessKeyID template parameter. If this is you, make sure you are running version 0.5.9.
Also from PortSwigger.net:
Attackers could abuse the sticker feature in Microsoft Teams to conduct cross-site scripting attacks. The Teams platform converts stickers into an image and uploads the content as RichText/HTML in the subsequent message. This can be manipulated for a potential HTML injection attack against multiple domains. All the sticky details in the article.
And last today, from BleepingComputer.com
Japanese game publishing giant Bandai Namco has confirmed that they suffered a cyberattack. The BlackCat ransomware gang has claimed responsibility for the attack on their data leak site. The company says the breach occurred on July 3rd to their internal systems in Asian regions other than Japan, and they are still evaluating the scope and type of information compromised.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
Episode 265 - 14 July 2022
Lilith Not-Fair- https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
Retbleed Spectre -
https://www.securityweek.com/retbleed-new-speculative-execution-attack-targets-intel-amd-processors
AWS Kubernetes Flaw -
https://portswigger.net/daily-swig/vulnerability-in-aws-iam-authenticator-for-kubernetes-could-allow-user-impersonation-privilege-escalation-attacks
Teams Sticker Shock- https://portswigger.net/daily-swig/microsoft-teams-security-vulnerability-left-users-open-to-xss-via-flawed-stickers-feature
Bandai Namco Gamed -
https://www.bleepingcomputer.com/news/security/bandai-namco-confirms-hack-after-alphv-ransomware-data-leak-threat/
Hi, I’m Paul Torgersen. It’s Thursday July 14th 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com:
There’s a new ransomware group that has just hit the scene named Lilith. They have created the standard double-extortion leak site and added their first victim, a large construction group in South America, which has since been removed from the site. Analysis of the new family shows it does not appear to introduce any novelties, but another someone to keep an eye on. Details in the article.
From SecurityWeek.com:
Researchers have devised a new speculative execution attack called Retbleed, that can lead to information leaks and works on both Intel and AMD processors. The attack targets retpolines, or return trampolines, which was one of the defenses proposed in back 2018 to mitigate the Spectre side-channel attacks. You can see all the details and a link to the research paper in the article.
From PortSwigger.net:
A vulnerability in AWS IAM Authenticator for Kubernetes could allow a malicious actor to impersonate other users and escalate privileges in Kubernetes clusters. This impacts Elastic Kubernetes Service clusters configured with the AccessKeyID template parameter. If this is you, make sure you are running version 0.5.9.
Also from PortSwigger.net:
Attackers could abuse the sticker feature in Microsoft Teams to conduct cross-site scripting attacks. The Teams platform converts stickers into an image and uploads the content as RichText/HTML in the subsequent message. This can be manipulated for a potential HTML injection attack against multiple domains. All the sticky details in the article.
And last today, from BleepingComputer.com
Japanese game publishing giant Bandai Namco has confirmed that they suffered a cyberattack. The BlackCat ransomware gang has claimed responsibility for the attack on their data leak site. The company says the breach occurred on July 3rd to their internal systems in Asian regions other than Japan, and they are still evaluating the scope and type of information compromised.
That’s all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.