[Public Exposure] Public Exposure

Spending time outside in -26 degrees centigrade is an experience, which makes you observant of exposure to the elements. Even more so, when you are standing on the bank of the Kemijoki river with your camera gear in tow and: the moisture rising from the flowing water is freezing over your face, gear and clothes […]

Read More

[Public Exposure] A Discrete Affair

How much do you need to know about a person to fall in love with them? Do you need to see their face or touch their body to form a strong emotional bond? Or can you fall in love with someone over the telephone? A new reality show called “Love Is Blind” explores this question, […]

Read More

[NCSC-FI News] Fake Windows exploits target infosec community with Cobalt Strike

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor Whoever is behind these attacks took advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809 Last week, a threat actor published two proof-of-concept exploits on GitHub for the Windows CVE-2022-24500 and […]

Read More

[NCSC-FI News] General Motors credential stuffing attack exposes car owners info

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers’ information and allowed hackers to redeem rewards points for gift cards General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards […]

Read More

[NCSC-FI News] Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module ‘ctx’ that gets downloaded over 20, 000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer’s environment variables The threat actor even replaced the older, safe versions of ‘ctx’ with code that exfiltrates the developer’s environment variables, to collect secrets like Amazon AWS keys […]

Read More

[NCSC-FI News] Researchers to release exploit for new VMware auth bypass, patch now

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products Identified as CVE-2022-22972, the security issue received a fix last Wednesday, accompanied by an urgent warning for administrators to install the patch or apply mitigations immediately. Source: Read More (NCSC-FI daily news followup)

Read More