使用Player FM应用程序离线!
Chicago students breach, PyPI infection, WordPress backdoor, and more.
已归档的系列专辑 ("不活跃的收取点" status)
When? This feed was archived on May 25, 2023 16:09 (). Last successful fetch was on July 29, 2022 18:35 ()
Why? 不活跃的收取点 status. 我们的伺服器已尝试了一段时间,但仍然无法截取有效的播客收取点
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 329441980 series 2478053
Episode 230 - 23 May 2022
Chicago students breach - https://chicago.suntimes.com/education/2022/5/20/23132983/cps-public-schools-data-breach-students-employees-records-battelle-kids
PyPI infection -
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
Record Etherium bounty - https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward
PDF snake -
https://threatpost.com/snake-keylogger-pdfs/179703/
WordPress backdoor- https://www.bleepingcomputer.com/news/security/backdoor-baked-into-premium-school-management-plugin-for-wordpress/
Hi, I’m Paul Torgersen. It’s Monday May 23rd, 2022, and this is a look at the information security news from overnight.
From the Chicago.SunTimes.com:
A massive data breach has exposed four years’ worth of records of about a half million Chicago Public Schools students and nearly 60,000 employees. The attack targeted a company that provides teacher evaluations and should not contain financial records or Social Security numbers. And in a dose of real world teaching, those students now get a free year of credit and identity theft monitoring.
From BleepingComputer.com:
Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike malware on Windows, Linux, and macOS systems. The malicious package is named 'pymafka’, very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads. All the details in the article.
From PortSwigger.net:
An ethical hacker has earned a record $10 million bug bounty after discovering a critical security vulnerability in the Wormhole core bridge contract on Ethereum. The vulnerability would have allowed the wormhole to be bricked, forever losing the $736 million of assets that were in the contract at the time.
From ThreatPost.com:
A malicious email campaign using a weaponized PDF file and a 22-year-old Office bug is propagating the Snake keylogger. It also employs several evasion techniques, such as embedding malicious files, loading remotely-hosted exploits and shellcode encryption. You know where to find the details.
And last this week, from BleepingComputer.com
A backdoor has been discovered in a premium WordPress plugin designed as a complete management solution for schools. The name of the plugin is “School Management,” published by Weblizar, and multiple versions before 9.9.7 have the backdoor baked into its code. Although the latest version is clean, the developer did not disclose the source of the compromise.
That’s all for me today. Remember to LIKE, SUBSCRIBE, and share with your networks. And as always, until next time, be safe out there.
221集单集
已归档的系列专辑 ("不活跃的收取点" status)
When? This feed was archived on May 25, 2023 16:09 (). Last successful fetch was on July 29, 2022 18:35 ()
Why? 不活跃的收取点 status. 我们的伺服器已尝试了一段时间,但仍然无法截取有效的播客收取点
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 329441980 series 2478053
Episode 230 - 23 May 2022
Chicago students breach - https://chicago.suntimes.com/education/2022/5/20/23132983/cps-public-schools-data-breach-students-employees-records-battelle-kids
PyPI infection -
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
Record Etherium bounty - https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward
PDF snake -
https://threatpost.com/snake-keylogger-pdfs/179703/
WordPress backdoor- https://www.bleepingcomputer.com/news/security/backdoor-baked-into-premium-school-management-plugin-for-wordpress/
Hi, I’m Paul Torgersen. It’s Monday May 23rd, 2022, and this is a look at the information security news from overnight.
From the Chicago.SunTimes.com:
A massive data breach has exposed four years’ worth of records of about a half million Chicago Public Schools students and nearly 60,000 employees. The attack targeted a company that provides teacher evaluations and should not contain financial records or Social Security numbers. And in a dose of real world teaching, those students now get a free year of credit and identity theft monitoring.
From BleepingComputer.com:
Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike malware on Windows, Linux, and macOS systems. The malicious package is named 'pymafka’, very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads. All the details in the article.
From PortSwigger.net:
An ethical hacker has earned a record $10 million bug bounty after discovering a critical security vulnerability in the Wormhole core bridge contract on Ethereum. The vulnerability would have allowed the wormhole to be bricked, forever losing the $736 million of assets that were in the contract at the time.
From ThreatPost.com:
A malicious email campaign using a weaponized PDF file and a 22-year-old Office bug is propagating the Snake keylogger. It also employs several evasion techniques, such as embedding malicious files, loading remotely-hosted exploits and shellcode encryption. You know where to find the details.
And last this week, from BleepingComputer.com
A backdoor has been discovered in a premium WordPress plugin designed as a complete management solution for schools. The name of the plugin is “School Management,” published by Weblizar, and multiple versions before 9.9.7 have the backdoor baked into its code. Although the latest version is clean, the developer did not disclose the source of the compromise.
That’s all for me today. Remember to LIKE, SUBSCRIBE, and share with your networks. And as always, until next time, be safe out there.
221集单集
सभी एपिसोड
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。