Security Digest for 30 July 2024:

Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7

Notable News:

WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)

PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io)
SupplyChainAttacks/PKfail/ImpactedDevices.md at main · binarly-io/SupplyChainAttacks · GitHub

Malicious Python Package Targets macOS Developers (checkmarx.com)

SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog

Scammer Abuses Microsoft 365 Tenants, Relaying Through Proofpoint Servers to Deliver Spam Campaigns | Proofpoint US

HealthEquity says data breach impacts 4.3 million people (bleepingcomputer.com)

Two-Step Phishing Campaign Exploits Microsoft Office Forms (perception-point.io)

Over 1 Million websites are at risk of sensitive information leakage (salt.security)

TrustedSec | Specula - Turning Outlook Into a C2 With One Registry…

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
Support Content Notification - Support Portal - Broadcom support portal

Prevalent Patches:
Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - July 2024 | NVIDIA (custhelp.com)

Apple security releases - Apple Support

CISA Corner:
NVD - CVE-2024-4879 (nist.gov)
NVD - CVE-2024-5217 (nist.gov)
NVD - CVE-2023-45249 (nist.gov)
Siemens SICAM Products | CISA
Positron Broadcast Signal Processor | CISA