Lunch Time Nibbles - 2022-11-10

Welcome to another Lunch Time breakout:

High-Severity Flaw Reported in Critical System Used in Oil and Gas Companies
Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ABB Totalflow flow computers and remote controllers. "Attackers can exploit this flaw to gain root

Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products
Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized access, perform remote desktop takeover, and even circumvent defenses against login brute-force attempts under

New StrelaStealer malware steals your Outlook, Thunderbird accounts
A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. [...]

Verified mess — Twitter's $8 blue tick rollout sees 'verified' fakes
Twitter has officially rolled out its Twitter Blue program for an $8 monthly fee that confers upon the Tweeter multiple benefits, including the much-sought blue badge. But, all this has led to its own set of problems, such as threat actors now impersonating famous people and still being granted a "verified" status. [...]