Invinsense Cybersecurity Newsletter 17-Jan-22

Patch Notes

• Latest WordPress security release fixes XSS, SQL injection bugs

• Indian academic bookseller Oswaal Books fixes alleged RCE and other serious vulnerabilities with Shopify relaunch

• VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products

Cyber Attacks

• Insecure Amazon S3 bucket Amazon S3 bucket exposed personal data on 500,000 Ghanaian graduates

• URL Parsing Bugs Allow DoS, RCE, Spoofing & More

• Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’New

Malware and Vulnerabilities

• Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

• New Mac Malware Samples Underscore Growing Threat

• SonicWall: Y2K22 bug hits Email Security, firewall products

Cyber Tech

• Report: DDoS attacks increasing year on year as cybercriminals demand extortionate payouts

• Researchers discover Log4j-like flaw in H2 database console

• New Ways to Hide Malware Inside SSD Firmware Discovered