Monthly Security Bulletin – September 2023

1.            Chrome malware Rilide targets enterprise users via PowerPoint guides.

2.            Hackers can abuse Microsoft Office executables to download malware.

3.            Fake VMware vConnector package on PyPI targets IT pros.

4.            Tesla infotainment jailbreak unlocks paid features, extracts secrets.

5.            Microsoft Visual Studio Code flaw lets extensions steal passwords.

6.            Dell Compellent hardcoded key exposes VMware vCenter admin creds.

7.            Monti ransomware targets VMware ESXi servers with new Linux locker.

8.            Zoom Can Spy on Your Calls and Use the Conversation to Train AI, But Says That It Won’t .

9.            Google Chrome to warn when installed extensions are malware.

10.         Hackers use VPN provider’s code certificate to sign malware.

11.         Sneaky Amazon Google ad leads to Microsoft support scam.

12.         TP-Link smart bulbs can let hackers steal your WiFi password.

13.         Microsoft Excel to let you run Python scripts as formulas.

14.         New stealthy techniques let hackers gain Windows SYSTEM privileges.

15.         Lessons learned from the Microsoft Cloud breach.

16.         MalDoc in PDFs: Hiding malicious Word docs in PDF files.

17.         New Android MMRat malware uses Protobuf protocol to steal your data.

18.         U.S. Hacks QakBot, Quietly Removes Botnet Infections.

19.         Hacking campaign bruteforces Cisco VPNs to breach networks.

20. VMware Aria vulnerable to critical SSH authentication bypass flaw

21. Free Key Group ransomware decryptor helps victims recover data.