Chicago students breach, PyPI infection, WordPress backdoor, and more.

Infosec Overnights - Daily Security News

תוכן מסופק על ידי Paul Torgersen. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Paul Torgersen או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

2y ago 2:41

MP3•בית הפרקים

סדרה בארכיון ("עדכון לא פעיל" status)

When? This feed was archived on May 25, 2023 16:09 (11M ago). Last successful fetch was on July 29, 2022 18:35 (1+ y ago)

Why? עדכון לא פעיל status. השרתים שלנו לא הצליחו לאחזר פודקאסט חוקי לזמן ממושך.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

A daily look at the relevant information security news from overnight.
Episode 230 - 23 May 2022
Chicago students breach - https://chicago.suntimes.com/education/2022/5/20/23132983/cps-public-schools-data-breach-students-employees-records-battelle-kids
PyPI infection -
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
Record Etherium bounty - https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward
PDF snake -
https://threatpost.com/snake-keylogger-pdfs/179703/
WordPress backdoor- https://www.bleepingcomputer.com/news/security/backdoor-baked-into-premium-school-management-plugin-for-wordpress/
Hi, I’m Paul Torgersen. It’s Monday May 23rd, 2022, and this is a look at the information security news from overnight.
From the Chicago.SunTimes.com:
A massive data breach has exposed four years’ worth of records of about a half million Chicago Public Schools students and nearly 60,000 employees. The attack targeted a company that provides teacher evaluations and should not contain financial records or Social Security numbers. And in a dose of real world teaching, those students now get a free year of credit and identity theft monitoring.
From BleepingComputer.com:
Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike malware on Windows, Linux, and macOS systems. The malicious package is named 'pymafka’, very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads. All the details in the article.
From PortSwigger.net:
An ethical hacker has earned a record $10 million bug bounty after discovering a critical security vulnerability in the Wormhole core bridge contract on Ethereum. The vulnerability would have allowed the wormhole to be bricked, forever losing the $736 million of assets that were in the contract at the time.
From ThreatPost.com:
A malicious email campaign using a weaponized PDF file and a 22-year-old Office bug is propagating the Snake keylogger. It also employs several evasion techniques, such as embedding malicious files, loading remotely-hosted exploits and shellcode encryption. You know where to find the details.
And last this week, from BleepingComputer.com
A backdoor has been discovered in a premium WordPress plugin designed as a complete management solution for schools. The name of the plugin is “School Management,” published by Weblizar, and multiple versions before 9.9.7 have the backdoor baked into its code. Although the latest version is clean, the developer did not disclose the source of the compromise.
That’s all for me today. Remember to LIKE, SUBSCRIBE, and share with your networks. And as always, until next time, be safe out there.

221 פרקים

#Security #Software Development #Paul Torgersen #Security News #Tech #News #Tech News