Weekly Cyber Security News 27/05/2022

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Say that again??? 22 year old vulnerability that was patched in 2017 is still finding victims. Really:

• Snake Keylogger Spreads Through Malicious PDFs – Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Another unsurprising discovery of a huge number of responsive (but not confirmed vulnerable) ways into Kubernete installations. Firewall anyone?

• 380K Kubernetes API Servers Exposed to Public Internet – More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

Kudos to Bank of Zambia…

• Bank refuses to pay ransom to hackers, sends ‘d*ck pics’ instead