
Outlook C2 Framework, VMWare ESXi Vuln, and PKFail leads to UEFI Supply Chain Attacks.
Failed to add items
Add to Cart failed.
Add to Wish List failed.
Remove from wishlist failed.
Adding to library failed
Follow podcast failed
Unfollow podcast failed
-
Narrated by:
-
By:
About this listen
Security Digest for 30 July 2024:
Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7
Notable News:
WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io)
SupplyChainAttacks/PKfail/ImpactedDevices.md at main · binarly-io/SupplyChainAttacks · GitHub
Malicious Python Package Targets macOS Developers (checkmarx.com)
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
Scammer Abuses Microsoft 365 Tenants, Relaying Through Proofpoint Servers to Deliver Spam Campaigns | Proofpoint US
HealthEquity says data breach impacts 4.3 million people (bleepingcomputer.com)
Two-Step Phishing Campaign Exploits Microsoft Office Forms (perception-point.io)
Over 1 Million websites are at risk of sensitive information leakage (salt.security)
TrustedSec | Specula - Turning Outlook Into a C2 With One Registry…
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
Support Content Notification - Support Portal - Broadcom support portal
Prevalent Patches:
Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - July 2024 | NVIDIA (custhelp.com)
Apple security releases - Apple Support
CISA Corner:
NVD - CVE-2024-4879 (nist.gov)
NVD - CVE-2024-5217 (nist.gov)
NVD - CVE-2023-45249 (nist.gov)
Siemens SICAM Products | CISA
Positron Broadcast Signal Processor | CISA