Sign up to save your podcasts
Or
Share Windows opatch, UNISOC DoS, GitLab patch, and more.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Windows opatch, UNISOC DoS, GitLab patch, and more.
A daily look at the relevant information security news from overnight - 03 June, 2022
Episode 237 - 03 June 2022
Windows opatch- https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
UNISOC DoS -
https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks
Asian app attack - https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
Atlassian critical -
https://www.securityweek.com/atlassian-confluence-servers-hacked-zero-day-vulnerability
GitLb patch -
https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/
Hi, I’m Paul Torgersen. It’s Friday, June 3rd, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
While Microsoft has still not released a patch for the Windows critical vulnerability known as Follina, our friends at opatch have. Instead of just disabling the MSDT URL protocol handler which is the Microsoft suggested mitigation for the issue, opatch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the Operating System for all applications. Details in the article.
From SecurityWeek.com:
Millions of budget smartphones that use UNISOC chipsets could have a critical vulnerability that leads to a denial of service attack. UNISOC has about 11% of the smartphone chip market, with the majority of these chips sold in Asia and Africa. The company has already issued the appropriate patch. Google will also address this flaw in an upcoming Android patch.
From BleepingComputer.com:
Chinese hacking group LuoYu is infecting victims with the WinDealer information stealer by switching legitimate app updates with a man-on-the-side attack. They are currently targeting popular Asian apps such as QQ, WeChat, and WangWang. Details in the article.
From SecurityWeek.com:
Atlassian Confluence Servers and Data Centers are affected by a critical vulnerability that can be leveraged for remote code execution and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. The company hopes to have a patch ready by the end of today.
And last today, from BleepingComputer.com
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which that could lead to account takeover. That 9.9 severity vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0. Get your patch on kids.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until next time, be safe out there.
Episode 237 - 03 June 2022
Windows opatch- https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
UNISOC DoS -
https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks
Asian app attack - https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
Atlassian critical -
https://www.securityweek.com/atlassian-confluence-servers-hacked-zero-day-vulnerability
GitLb patch -
https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/
Hi, I’m Paul Torgersen. It’s Friday, June 3rd, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
While Microsoft has still not released a patch for the Windows critical vulnerability known as Follina, our friends at opatch have. Instead of just disabling the MSDT URL protocol handler which is the Microsoft suggested mitigation for the issue, opatch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the Operating System for all applications. Details in the article.
From SecurityWeek.com:
Millions of budget smartphones that use UNISOC chipsets could have a critical vulnerability that leads to a denial of service attack. UNISOC has about 11% of the smartphone chip market, with the majority of these chips sold in Asia and Africa. The company has already issued the appropriate patch. Google will also address this flaw in an upcoming Android patch.
From BleepingComputer.com:
Chinese hacking group LuoYu is infecting victims with the WinDealer information stealer by switching legitimate app updates with a man-on-the-side attack. They are currently targeting popular Asian apps such as QQ, WeChat, and WangWang. Details in the article.
From SecurityWeek.com:
Atlassian Confluence Servers and Data Centers are affected by a critical vulnerability that can be leveraged for remote code execution and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. The company hopes to have a patch ready by the end of today.
And last today, from BleepingComputer.com
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which that could lead to account takeover. That 9.9 severity vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0. Get your patch on kids.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until next time, be safe out there.
View all episodes
By Paul TorgersenA daily look at the relevant information security news from overnight - 03 June, 2022
Episode 237 - 03 June 2022
Windows opatch- https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
UNISOC DoS -
https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks
Asian app attack - https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
Atlassian critical -
https://www.securityweek.com/atlassian-confluence-servers-hacked-zero-day-vulnerability
GitLb patch -
https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/
Hi, I’m Paul Torgersen. It’s Friday, June 3rd, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
While Microsoft has still not released a patch for the Windows critical vulnerability known as Follina, our friends at opatch have. Instead of just disabling the MSDT URL protocol handler which is the Microsoft suggested mitigation for the issue, opatch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the Operating System for all applications. Details in the article.
From SecurityWeek.com:
Millions of budget smartphones that use UNISOC chipsets could have a critical vulnerability that leads to a denial of service attack. UNISOC has about 11% of the smartphone chip market, with the majority of these chips sold in Asia and Africa. The company has already issued the appropriate patch. Google will also address this flaw in an upcoming Android patch.
From BleepingComputer.com:
Chinese hacking group LuoYu is infecting victims with the WinDealer information stealer by switching legitimate app updates with a man-on-the-side attack. They are currently targeting popular Asian apps such as QQ, WeChat, and WangWang. Details in the article.
From SecurityWeek.com:
Atlassian Confluence Servers and Data Centers are affected by a critical vulnerability that can be leveraged for remote code execution and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. The company hopes to have a patch ready by the end of today.
And last today, from BleepingComputer.com
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which that could lead to account takeover. That 9.9 severity vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0. Get your patch on kids.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until next time, be safe out there.
Episode 237 - 03 June 2022
Windows opatch- https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
UNISOC DoS -
https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks
Asian app attack - https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
Atlassian critical -
https://www.securityweek.com/atlassian-confluence-servers-hacked-zero-day-vulnerability
GitLb patch -
https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/
Hi, I’m Paul Torgersen. It’s Friday, June 3rd, 2022, and this is a look at the information security news from overnight.
From BleepingComputer.com
While Microsoft has still not released a patch for the Windows critical vulnerability known as Follina, our friends at opatch have. Instead of just disabling the MSDT URL protocol handler which is the Microsoft suggested mitigation for the issue, opatch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the Operating System for all applications. Details in the article.
From SecurityWeek.com:
Millions of budget smartphones that use UNISOC chipsets could have a critical vulnerability that leads to a denial of service attack. UNISOC has about 11% of the smartphone chip market, with the majority of these chips sold in Asia and Africa. The company has already issued the appropriate patch. Google will also address this flaw in an upcoming Android patch.
From BleepingComputer.com:
Chinese hacking group LuoYu is infecting victims with the WinDealer information stealer by switching legitimate app updates with a man-on-the-side attack. They are currently targeting popular Asian apps such as QQ, WeChat, and WangWang. Details in the article.
From SecurityWeek.com:
Atlassian Confluence Servers and Data Centers are affected by a critical vulnerability that can be leveraged for remote code execution and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. The company hopes to have a patch ready by the end of today.
And last today, from BleepingComputer.com
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which that could lead to account takeover. That 9.9 severity vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0. Get your patch on kids.
That’s all for me today . Have a great rest of your day. Like and subscribe. And until next time, be safe out there.