President – Martine Kersaint.
Secretary – Barry Kohler.
Treasurer – Randolph Cremer.
Members At Large – Katherine Mazza, John Paul Larson, Karen Topping.
The PAMIA Bylaws describe the board positions. One can be nominated for multiple positions. Term length is one year.
Serving on the board of a local biomed society earns points towards AAMI/ACI Certification renewals.
After 28 Years, SSLv2 is Still Not Gone
https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet…%20but%20we’re%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware
https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Criticial Vulnerability
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerablity in Reportlab Python Library
https://github.com/c53elyas/CVE-2023-33733
With cybersecurity threats on the rise, there are two crucial steps an organization can take to avoid falling victim to a credential phishing attack.
Apache NiFi Attacks
https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor;
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites
https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick
https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
In this AMA episode from Security magazine, Todd Jones, Director of Campus Safety at the Minneapolis College of Art and Design, talks campus security.
Malspam Pushes ModiLoader Infection for Remocs Rat
https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
MacOS SIP Bypass
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update
https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Applicance Vulnerability Details
https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability
https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed
https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
Analyzing Office Documents Embedded Inside PowerPoint Files
https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection
https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser
https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI accounts via Two-Factor Authentication
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Casandra Vulnerabilities
https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulerabilities
https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
IR Case/Alert Management
https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability
https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAUTH Vulnerability CVE-2023-28131
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
More Data Enrichment for Cowrie Logs
https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living of the Land
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Baracuda Email Security Gateway Vulnerability
https://status.barracuda.com/incidents/34kx82j5n4q9
Gitlab Patch
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
Apache Nifi Scans
https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates fix 0-Day
https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In One Bricked by Windows Update
https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack
https://arxiv.org/pdf/2305.10791.pdf
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
pmpro_visit | session | The cookie is set by PaidMembership Pro plugin. The cookie is used to manage user memberships. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |