Sign up to save your podcasts
Or
Share Mandiant not Locked, Google patches, Follina phishing, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Mandiant not Locked, Google patches, Follina phishing, and more.
A daily look at the relevant information security news from overnight - 07 June, 2022
Episode 239 - 07 June 2022
Mandiant not locked- https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
Google patches -
https://www.securityweek.com/google-patches-critical-android-vulnerabilities-june-2022-updates
Karakut phones it in- https://www.zdnet.com/article/fbi-warning-this-gang-steals-data-for-ransom-then-makes-harassing-phone-calls-to-pile-on-the-pressure/
Not so smart scale baddie -
https://portswigger.net/daily-swig/unpatched-bug-chain-poses-mass-account-takeover-threat-to-yunmai-weight-monitoring-app
Follina phishing -
https://www.bleepingcomputer.com/news/security/wi
ndows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Hi, I’m Paul Torgersen. It’s Tuesday June 7th, 2022, which means a good chunk of you are probably at RSA, and this is a look at the information security news from overnight.
From BleepingComputer.com
The LockBit ransomware group published a new page on its data leak website, saying that they have 356,000 files they allegedly stole from Mandiant, and will be leaked online. Mandiant says, no way dude. They can find no evidence of any sort of breach. Mandiant, if you recall, is being acquired by Google in an all cash deal valued at $5.4 billion.
From SecurityWeek.com:
Google’s Patch Tuesday resolves a total of 40 Android vulnerabilities, including at least four rated critical. The company also announced it addressed roughly 80 vulnerabilities in its Pixel devices. Get your patch on kids.
From ZDNet.com:
A cyber-criminal gang, Karakut, is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information. Pretty standard stuff, right? Well, these guys don’t stop there. According to an advisory from the FBI and CISA, next comes an extensive harassment campaign, with emails and even phone calls to employees, business partners, and clients with warnings that the company needs to pay the ransom.
From PortSwigger.net:
Several zero-day vulnerabilities in the Yunmai Smart Scale app could be chained together and exploited for full account takeover and access to all user details. The company, Zhuhai Yunmai Technologies, had tried to patch one of the flaws, but it was unsuccessful. The app currently has about a half a million downloads.
And last today, from BleepingComputer.com
Phishing campaigns against European governments and US local governments have ramped up recently using malicious Rich Text Format documents to exploit the unpatched critical Windows zero-day vulnerability known as Follina. The threat actor is suspected to be a State sponsored group, but no attribution has been confirmed as of yet. Details in the article.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until tomorrow, be safe out there.
Episode 239 - 07 June 2022
Mandiant not locked- https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
Google patches -
https://www.securityweek.com/google-patches-critical-android-vulnerabilities-june-2022-updates
Karakut phones it in- https://www.zdnet.com/article/fbi-warning-this-gang-steals-data-for-ransom-then-makes-harassing-phone-calls-to-pile-on-the-pressure/
Not so smart scale baddie -
https://portswigger.net/daily-swig/unpatched-bug-chain-poses-mass-account-takeover-threat-to-yunmai-weight-monitoring-app
Follina phishing -
https://www.bleepingcomputer.com/news/security/wi
ndows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Hi, I’m Paul Torgersen. It’s Tuesday June 7th, 2022, which means a good chunk of you are probably at RSA, and this is a look at the information security news from overnight.
From BleepingComputer.com
The LockBit ransomware group published a new page on its data leak website, saying that they have 356,000 files they allegedly stole from Mandiant, and will be leaked online. Mandiant says, no way dude. They can find no evidence of any sort of breach. Mandiant, if you recall, is being acquired by Google in an all cash deal valued at $5.4 billion.
From SecurityWeek.com:
Google’s Patch Tuesday resolves a total of 40 Android vulnerabilities, including at least four rated critical. The company also announced it addressed roughly 80 vulnerabilities in its Pixel devices. Get your patch on kids.
From ZDNet.com:
A cyber-criminal gang, Karakut, is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information. Pretty standard stuff, right? Well, these guys don’t stop there. According to an advisory from the FBI and CISA, next comes an extensive harassment campaign, with emails and even phone calls to employees, business partners, and clients with warnings that the company needs to pay the ransom.
From PortSwigger.net:
Several zero-day vulnerabilities in the Yunmai Smart Scale app could be chained together and exploited for full account takeover and access to all user details. The company, Zhuhai Yunmai Technologies, had tried to patch one of the flaws, but it was unsuccessful. The app currently has about a half a million downloads.
And last today, from BleepingComputer.com
Phishing campaigns against European governments and US local governments have ramped up recently using malicious Rich Text Format documents to exploit the unpatched critical Windows zero-day vulnerability known as Follina. The threat actor is suspected to be a State sponsored group, but no attribution has been confirmed as of yet. Details in the article.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until tomorrow, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight - 07 June, 2022
Episode 239 - 07 June 2022
Mandiant not locked- https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
Google patches -
https://www.securityweek.com/google-patches-critical-android-vulnerabilities-june-2022-updates
Karakut phones it in- https://www.zdnet.com/article/fbi-warning-this-gang-steals-data-for-ransom-then-makes-harassing-phone-calls-to-pile-on-the-pressure/
Not so smart scale baddie -
https://portswigger.net/daily-swig/unpatched-bug-chain-poses-mass-account-takeover-threat-to-yunmai-weight-monitoring-app
Follina phishing -
https://www.bleepingcomputer.com/news/security/wi
ndows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Hi, I’m Paul Torgersen. It’s Tuesday June 7th, 2022, which means a good chunk of you are probably at RSA, and this is a look at the information security news from overnight.
From BleepingComputer.com
The LockBit ransomware group published a new page on its data leak website, saying that they have 356,000 files they allegedly stole from Mandiant, and will be leaked online. Mandiant says, no way dude. They can find no evidence of any sort of breach. Mandiant, if you recall, is being acquired by Google in an all cash deal valued at $5.4 billion.
From SecurityWeek.com:
Google’s Patch Tuesday resolves a total of 40 Android vulnerabilities, including at least four rated critical. The company also announced it addressed roughly 80 vulnerabilities in its Pixel devices. Get your patch on kids.
From ZDNet.com:
A cyber-criminal gang, Karakut, is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information. Pretty standard stuff, right? Well, these guys don’t stop there. According to an advisory from the FBI and CISA, next comes an extensive harassment campaign, with emails and even phone calls to employees, business partners, and clients with warnings that the company needs to pay the ransom.
From PortSwigger.net:
Several zero-day vulnerabilities in the Yunmai Smart Scale app could be chained together and exploited for full account takeover and access to all user details. The company, Zhuhai Yunmai Technologies, had tried to patch one of the flaws, but it was unsuccessful. The app currently has about a half a million downloads.
And last today, from BleepingComputer.com
Phishing campaigns against European governments and US local governments have ramped up recently using malicious Rich Text Format documents to exploit the unpatched critical Windows zero-day vulnerability known as Follina. The threat actor is suspected to be a State sponsored group, but no attribution has been confirmed as of yet. Details in the article.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until tomorrow, be safe out there.
Episode 239 - 07 June 2022
Mandiant not locked- https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
Google patches -
https://www.securityweek.com/google-patches-critical-android-vulnerabilities-june-2022-updates
Karakut phones it in- https://www.zdnet.com/article/fbi-warning-this-gang-steals-data-for-ransom-then-makes-harassing-phone-calls-to-pile-on-the-pressure/
Not so smart scale baddie -
https://portswigger.net/daily-swig/unpatched-bug-chain-poses-mass-account-takeover-threat-to-yunmai-weight-monitoring-app
Follina phishing -
https://www.bleepingcomputer.com/news/security/wi
ndows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Hi, I’m Paul Torgersen. It’s Tuesday June 7th, 2022, which means a good chunk of you are probably at RSA, and this is a look at the information security news from overnight.
From BleepingComputer.com
The LockBit ransomware group published a new page on its data leak website, saying that they have 356,000 files they allegedly stole from Mandiant, and will be leaked online. Mandiant says, no way dude. They can find no evidence of any sort of breach. Mandiant, if you recall, is being acquired by Google in an all cash deal valued at $5.4 billion.
From SecurityWeek.com:
Google’s Patch Tuesday resolves a total of 40 Android vulnerabilities, including at least four rated critical. The company also announced it addressed roughly 80 vulnerabilities in its Pixel devices. Get your patch on kids.
From ZDNet.com:
A cyber-criminal gang, Karakut, is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information. Pretty standard stuff, right? Well, these guys don’t stop there. According to an advisory from the FBI and CISA, next comes an extensive harassment campaign, with emails and even phone calls to employees, business partners, and clients with warnings that the company needs to pay the ransom.
From PortSwigger.net:
Several zero-day vulnerabilities in the Yunmai Smart Scale app could be chained together and exploited for full account takeover and access to all user details. The company, Zhuhai Yunmai Technologies, had tried to patch one of the flaws, but it was unsuccessful. The app currently has about a half a million downloads.
And last today, from BleepingComputer.com
Phishing campaigns against European governments and US local governments have ramped up recently using malicious Rich Text Format documents to exploit the unpatched critical Windows zero-day vulnerability known as Follina. The threat actor is suspected to be a State sponsored group, but no attribution has been confirmed as of yet. Details in the article.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until tomorrow, be safe out there.