Wayne Shaw on LinkedIn: CISA and FBI: DDoS attacks won’t impact US election integrity (2024)

Thank you CYFIRMA Research, know your enemy.. look up and see your emerging threats.. #noble1TOM SHAW

1

Thank you Dr. Chase Cunningham I couldn’t agree more.TOM SHAW

Thanks Trevor Van Essen an enlightening podcast..#noble1TOM SHAW

However, many operators continue to use deprecated and weak Diffie-Hellman (DH) groups, fail 3GPP specifications, and share private keys across continents, leading to security concerns.VoLTE compared to VoWiFi over an untrusted Internet connection (Source – CISPA)The risk is that these vulnerabilities could expose VoWiFi communications to MITM attacks, compromising data integrity or confidentiality, which is essential for better security in implementing VoWiFi solutions.#noble1TOM SHAW

2

Bitdefender’s GravityZone Update Server has raised significant security concerns.Identified as CVE-2024-6980, this flaw allows attackers to execute server-side request forgery (SSRF) attacks, potentially compromising sensitive data and systems. With a CVSS score of 9.2, this vulnerability is categorized as critical.#noble1TOM SHAW

1

Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas).The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary files to a vulnerable site, potentially leading to remote code execution and complete site takeover.#noble1TOM SHAW

1

Microsoft has addressed several critical vulnerabilities in its Chromium-based Edge browser. Users of the affected versions are strongly advised to update to the latest version to mitigate potential security risks.According to the Asec Ahnlab reports, the vulnerabilities were found in Microsoft Edge versions 127.0.6533.88 and 127.0.6533.89.These versions are based on the Chromium engine, widely used across various web browsers for its performance and security features.#noble1TOM SHAW

Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application.In January, Twilio announced that the Authy desktop apps for Windows, macOS, and Linux would reach the end of life on March 19, 2024, and will ultimately be discontinued in August 2024.#noble1TOM SHAW

1

The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million.According to the U.S. Department of Justice, the fraudulent operation targeted elderly victims in the United States and Canada.#noble1TOM SHAW

2

Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform.The packages are named ‘spl-types,’ ‘raydium,’ ‘sol-structs,’ ‘sol-instruct,’ and ‘raydium-sdk’ and download scripts that steal sensitive data from the browser, messaging apps (Telegram, Signal, Session), and cryptocurrency wallet details (Exodus, Electrum, Monero).#noble1TOM SHAW

1