Weekend Digest – 4/2/2022 (Saturday)

Information from Friday afternoon to Saturday afternoon.

News/Intelligence/IOCs Stories

  • CERT/CC Releases Information on Spring4Shell Vulnerability – LINK
  • Spring4Shell: critical vulnerability in Spring Java framework – LINK
  • Beastmode botnet boosts DDoS power with new router exploits – LINK
  • Threat Roundup for March 25 to April 1 – LINK
  • British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group – LINK
  • American Express users locked out for HOURS: no login, no payments – LINK

Regulation Related Stories

  • What You Need to Know About PCI DSS 4.0’s New Requirements – LINK

Russia/Ukraine War Related Stories

  • Russian-linked Android malware records audio, tracks your location – LINK
  • Ukraine intelligence leaks names of 620 alleged Russian FSB agents – LINK
  • Ukraine, Conti, and the law of unintended consequences – LINK

New Vulnerability Related

  • Trend Micro fixes actively exploited remote code execution bug – (CVE-2022-26871) – LINK
  • Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts – (CVE-2022-1162) – LINK
  • 15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks – LINK

New Breach Related Stories

  • (Partnership HealthPlan of California) – Hive ransomware impacts California non-profit health organisation – LINK