ACTION ALERTS! (Patreon)

ACTION ALERT:

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-vmware-cve-2022-22954-bug-patch-now/

A POC exploit was released publicly online for an already-reported vulnerability in VMWare. It’s an RCE used to infect server to mine cryptocurrency. Patch now to mitigate this issue.

https://wiscprivacy.com/papers/vca_mute.pdf

This white paper explains how the mute button in several video conferencing apps doesn’t actually mute your mic. The privacy issues are theoretical in that the applications tested could - in theory - still capture audio even when the mic says it’s muted in software. My advice? Use a hardware mute button.

https://www.bleepingcomputer.com/news/security/t-mobile-customers-warned-of-unblockable-sms-phishing-attacks/

T-Mobile customers: be aware of this phishing campaign going around using SMS group texts. These target users by sending a malicious link via text that says thank you for paying your t-mobile bill and offer a gift.

https://www.vice.com/en/article/k7w9mv/tmobile-hacked-bought-data-mandiant

Speaking of T-Mobile, remember how they were hacked in August last year? Apparently they hired a third party to buy back the data to keep it from leaking, but the original attackers leaked it anyway.

https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-hackers-craft-their-own-login-credentials/

Cisco has patched a critical vulnerability within their wireless LAN controller software. This software is present on many products, which are listed here: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF

https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens?currentPage=all

This New Yorker article explains how Pegasus spyware is being used to spy on citizens.