Security Digest for 30 July 2024:

Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 Notable News: WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)

PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io) SupplyChainAttacks/PKfail/ImpactedDevices.md at main · binarly-io/SupplyChainAttacks · GitHub Malicious Python Package Targets macOS Developers (checkmarx.com)

SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog Scammer Abuses Microsoft 365 Tenants, Relaying Through Proofpoint Servers to Deliver Spam Campaigns | Proofpoint US HealthEquity says data breach impacts 4.3 million people (bleepingcomputer.com) Two-Step Phishing Campaign Exploits Microsoft Office Forms (perception-point.io) Over 1 Million websites are at risk of sensitive information leakage (salt.security) TrustedSec | Specula - Turning Outlook Into a C2 With One Registry… Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog Support Content Notification - Support Portal - Broadcom support portal Prevalent Patches: Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - July 2024 | NVIDIA (custhelp.com) Apple security releases - Apple Support

CISA Corner: NVD - CVE-2024-4879 (nist.gov) NVD - CVE-2024-5217 (nist.gov) NVD - CVE-2023-45249 (nist.gov) Siemens SICAM Products | CISA Positron Broadcast Signal Processor | CISA