📰wrzlbrmpft's cyberlights💥

personal weekly cybersecurity highlights (for everyone?)

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.


For All

👨‍👩‍👧‍👦 One in five children found to engage in illegal activity online https://www.nationalcrimeagency.gov.uk/news/one-in-five-children-found-to-engage-in-illegal-activity-online

📶 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data https://securityaffairs.com/159003/security/public-wi-fi-attacks.html

😨 Quarter of polled Americans say they use AI to make them hotter in online dating https://www.theregister.com/2024/02/12/generative_ai_online_dating_boost/

🛍️ Attackers spoof Temu – German! https://www.zdnet.de/88414209/angreifer-spoofen-temu/

👩‍⚖️ Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/

👀 EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme https://www.securityweek.com/eu-watchdog-urged-to-reject-meta-pay-for-privacy-scheme/

♻ Meta says risk of account theft after phone number recycling isn't its problem to solve https://www.theregister.com/2024/02/13/meta_phone_security_number_recycling/

🗳 Global Malicious Activity Targeting Elections is Skyrocketing https://securityaffairs.com/159062/hacking/global-malicious-activity-targeting-elections.html

🤱 Broker sold Planned Parenthood visitor location data to pro-life group, senator says Nothing to hide... https://therecord.media/broker-sold-planned-parenthood-data-wyden

🏥 A ransomware attack took 100 Romanian hospitals down https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html


more, For the Curious

🧩 Rhysida ransomware cracked! Free decryption tool released https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released

🆓 Broadcom terminates VMware's free ESXi hypervisor https://www.theregister.com/2024/02/13/broadcom_ends_free_esxi_vsphere/

💫 Raspberry Robin spotted using two new 1-day LPE exploits https://securityaffairs.com/158969/malware/raspberry-robin-1-day-exploits.html

🐬 Flipper Zero takes to the big screen Flipper with video output! https://www.theregister.com/2024/02/13/flipper_zero_vgm/

🐞 New critical Microsoft Outlook RCE bug is trivial to exploit https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/

💸 Pennsylvania county pays $350,000 cyberattack ransom https://therecord.media/pennsylvania-county-pays-cyberattack-ransom

🧧 US, Estonia to send confiscated Russian funds to Ukraine. Are ransomware proceeds next? https://therecord.media/us-estonia-sending-confiscated-russian-funds

⚡ Espressif ESP32: Breaking HW AES with Electromagnetic Analysis Glitching your thing https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-electromagnetic-analysis/


CISA Advisory Corner Ⓜ Microsoft Releases Security Updates for Multiple Products Actively Exploited! https://www.cisa.gov/news-events/alerts/2024/02/13/microsoft-releases-security-updates-multiple-products

🅰 Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/adobe-releases-security-updates-multiple-products

🅱 ISC Releases Security Advisories for BIND 9 https://www.cisa.gov/news-events/alerts/2024/02/13/isc-releases-security-advisories-bind-9

🏭 CISA Releases Seventeen Industrial Control Systems Advisories A lot of Siemens https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-releases-seventeen-industrial-control-systems-advisories

🧱 CISA Adds Two Known Exploited Vulnerabilities to Catalog Cisco ASA and Exchange https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-adds-two-known-exploited-vulnerabilities-catalog


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions in these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub


Highlight 🪥 How to tell if your toothbrush is being used in a DDoS attack https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack Wanna know more? See end of post.

🏙 Fraud: fake letters from the city sent out – German! https://wien.orf.at/stories/3243868/


For All

🏴‍☠️ How are user credentials stolen and used by threat actors? https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/

👩‍🏭 Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html

🔲 QR Codes – what's the real risk? https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk

🥸 Fake LastPass password manager spotted on Apple's App Store https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

🕵️‍♀️ Buying Spying: How the commercial surveillance industry works and what can be done about it Wanna know more? Full report by Google further down https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

🧹 Mozilla’s new service tries to wipe your data off the web https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests

🏷 Meta announcement: Labeling AI-Generated Images on Facebook, Instagram and Threads https://about.fb.com/news/2024/02/labeling-ai-generated-images-on-facebook-instagram-and-threads/

🌆 How to Protect Your Social Media Accounts Good tips. You can skip the score... https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-your-social-media-accounts/

👑 Want to watch porn in Britain? Get your passport ready https://www.politico.eu/article/the-great-british-porn-block-is-back/


more, For the Curious

👨‍🔧 OT Maintenance Is Primary Source of OT Security Incidents: Report https://www.securityweek.com/ot-maintenance-is-primary-source-of-ot-security-incidents-report/

🔨 mlcsec/proctools: Small toolkit for extracting information and dumping sensitive strings from Windows processes https://github.com/mlcsec/proctools

🚘 How I Also Hacked my Car https://goncalomb.com/blog/2024/01/30/f57cf19b-how-i-also-hacked-my-car

🧾 Full Report by Google – Buying Spying Insights into Commercial Surveillance Vendors https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf

🔓 VIDEO: Breaking Bitlocker – Bypassing the Windows Disk Encryption (by stacksmashing) https://www.youtube.com/watch?v=wTl4vEednkQ

🩲 The Real Shim Shady – How CVE-2023-40547 Impacts Most Linux Systems https://eclypsium.com/blog/the-real-shim-shady-how-cve-2023-40547-impacts-most-linux-systems/

📡 CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom

📵 Taking Apart an Android SMS Stealer https://vaktibabat.github.io/posts/Android_SMS_Stealer/

💫 Combining Cybersecurity Frameworks: An Alternative to Incident Reporting https://medium.com/@s.lontzetidis/combining-cybersecurity-frameworks-an-alternative-to-incident-reporting-9d642d9a5456

Doubt corner – don't believe everything! 📹 Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ !! Doubtful story. Source article seems to be this from scmp.com. https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html

🦷 3 million smart toothbrushes were just used in a DDoS attack. Really !! ⚠ NOT true!! @GossiTheDog@cyberplace.social and Forbes https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really/




Highlight ☝️ Fingerprint sensor: daughter can unlock Google Pixel 8 – German! TL;DR in English: enrolling the same finger twice leads to more collisions https://www.kuketz-blog.de/fingerabdruck-sensor-tochter-kann-google-pixel-8-entsperren/


For All

📳 How to stop location tracking on your Android phone (mostly) https://www.theverge.com/21401280/android-location-tracking-history-stop-how-to

🧢 Fake Bill Ackman and Jim Cramer Instagram Ads are Trying to Take My Money https://www.404media.co/fake-bill-ackman-and-jim-cramer-instagram-ads-are-trying-to-take-my-money/

🫥 Rise of deepfake threats means biometric security measures won't be enough https://www.theregister.com/2024/02/01/deepfake_threat_biometrics/

🕵️‍♂️ NSA Buying Bulk Surveillance Data on Americans without a Warrant https://www.schneier.com/blog/archives/2024/01/nsa-buying-bulk-surveillance-data-on-americans-without-a-warrant.html

🚘 A mishandled GitHub token exposed Mercedes-Benz source code https://www.bleepingcomputer.com/news/security/a-mishandled-github-token-exposed-mercedes-benz-source-code/

🏠 How you get ripped off when looking for an apartment – German! https://www.watchlist-internet.at/news/so-werden-sie-bei-der-wohnungssuche-abgezockt/

🥸 Spyware Targets Human Rights Watch Staff in Jordan https://www.hrw.org/news/2024/02/01/spyware-targets-human-rights-watch-staff-jordan


more, For the Curious

🐧 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

📃 CISA adds multiple new KEV entries. These are two of them. Apple – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog Ivanti – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog-0

👮 Exclusive: US disabled Chinese hacking network targeting critical infrastructure https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/

🦃 Cloudflare Blog – Thanksgiving 2023 security incident https://blog.cloudflare.com/thanksgiving-2023-security-incident

💾 The Data Breach “Personal Stash” Ecosystem https://www.troyhunt.com/the-data-breach-personal-stash-ecosystem/

📄 Südwestfalen-IT: forensic report on the ransomware attack – German! This is how you handle an incident! https://forumwk.de/2024/01/25/suedwestfalen-it-forensik-bericht-mit-erkenntnissen-zu-ransomware-angriff/

🖨️ A Practical Guide to PrintNightmare in 2024 https://itm4n.github.io/printnightmare-exploitation/

🐘 Critical Mastodon Vulnerability – Update now https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

🍯 There Are Too Many Damn Honeypots https://vulncheck.com/blog/too-many-honeypots

Ivanti Corner 🚧 New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways Ivanti gets bigger and bigger... https://www.cisa.gov/news-events/alerts/2024/01/30/new-mitigations-defend-against-exploitation-ivanti-connect-secure-and-policy-secure-gateways

🚫 Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities Oh, wow. CISA Orders to “...disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.” https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure

AnyDesk Corner 🛂 AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

🛂 AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials https://securityonline.info/anydesk-breach-2024-dark-web-sale-of-18317-credentials/





For All

❌ AI Bots on X (Twitter) Neat hack to identify AI bots. https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

🔍 Using Google Search to Find Software Can Be Risky https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

📜 Testing TLS and Certificates Ever wondered what these “certificates” are good for? https://www.blackhillsinfosec.com/testing-tls-and-certificates/

🍏 Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

🧬 Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months https://go.theregister.com/feed/www.theregister.com/2024/01/26/23_and_me_breach_filing/

🪡 Trolls have flooded X with graphic Taylor Swift AI fakes https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

🐻 Russia social media outage likely caused by state internet regulator https://therecord.media/russia-social-media-outages-roskomnadzor

🐽 These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy/

🕵️ The NSA Buys Web Browsing Data Without A Warrant, Letter Shows https://packetstormsecurity.com/news/view/35451/The-NSA-Buys-Web-Browsing-Data-Without-A-Warrant-Letter-Shows.html

👩‍⚖️ French regulators levy €32 million fine against Amazon for surveilling employees https://therecord.media/french-regulators-levy-fine-against-amazon-for-monitoring-practices


more, For the Curious

🚘 Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive https://www.securityweek.com/hackers-earn-1-3m-for-tesla-ev-charger-infotainment-exploits-at-pwn2own-automotive/

📄 CISA Adds CVE-2024-23222 to Known Exploited Vulnerability Catalog https://www.cisa.gov/news-events/alerts/2024/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

🪖 How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/

🤵 Jenkins Security Advisory 2024-01-24 – CVE-2024-23897 https://www.jenkins.io/security/advisory/2024-01-24/ https://github.com/gquere/pwn_jenkins/blob/master/README.md

Ⓜ️ Microsoft explains how Russian hackers spied on its executives https://www.theverge.com/2024/1/26/24051708/microsoft-hack-russian-security-attack-senior-leadership-emails

🦮 Guidance on Assembling a Group of Products SBOM? SBOM! https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products

🍘 Building a Password Cracker https://www.sevnx.com/blog/post/building-a-password-cracker

🧠 The near-term impact of AI on the cyber threat https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat




Highlights 🪧 IT-KV (Austrian IT collective agreement): negotiations interrupted again – demonstration on 24 January – German! I know. It's not much security and just a little cyber. https://www.gpa.at/kollektivvertrag/information-und-consulting/informationstechnologie/2024/it-kv-sechste-runde

🚨 Watch out for “I can't believe he is gone” Facebook phishing posts https://www.bleepingcomputer.com/news/security/watch-out-for-i-cant-believe-he-is-gone-facebook-phishing-posts/


For All

👻 Beware of crypto scams lying on the street in Vienna – German! https://www.derstandard.at/story/3000000203274/vorsicht-vor-kryptoscams-die-in-wien-auf-der-strasse-liegen

🏢 Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers Official blog post in second link https://www.theverge.com/2024/1/19/24044561/microsoft-senior-leadership-emails-hack-russian-security-attack https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

😾 Meta won't remove fake Instagram profiles used for obvious catfishing https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-used-for-obvious-catfishing/

📴 GrapheneOS: Frequent Android auto-reboots block firmware exploits https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/

🍎 A reboot a day can keep the ******** away https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/

📘 Each Facebook User is Monitored by Thousands of Companies !!!!! !!!!!! https://themarkup.org/privacy/2024/01/17/each-facebook-user-is-monitored-by-thousands-of-companies-study-indicates

👨‍⚖️ IT expert convicted for using access software – German! https://www.golem.de/news/modern-solution-it-experte-wegen-nutzung-einer-zugriffssoftware-verurteilt-2401-181296.html

👩‍⚖️ FTC settles second case with geolocation data broker in two weeks https://therecord.media/ftc-settles-data-broker-case-geolocation

🥟 Researcher uncovers one of the biggest password dumps in recent history For more info, see the very last entry of this week 😉 https://arstechnica.com/?p=1996879

⛺ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

📻 Amazon plans to charge for Alexa in June—unless internal conflict delays revamp https://arstechnica.com/gadgets/2024/01/alexa-is-in-trouble-paid-for-alexa-gives-inaccurate-answers-in-early-demos/ |sarcasm on| Amazon being like: If you are dumb enough to put a listening spy-device in your home you are also dumb enough to pay monthly for it (Sorry, but this is just borderline idiotic to me).

🗣 OpenVoice: Versatile Instant Voice Cloning https://research.myshell.ai/open-voice

🏭 Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game https://securityonline.info/researcher-details-critical-buffer-overflow-vulnerability-in-popular-factorio-game/

🏛 Unseen images of code breaking computer that helped win WW2 Not news, but soooo cool https://www.bbc.com/news/technology-67997406


more, For the Curious

🔮 EasyEASM – Zero-dollar Attack Surface Management Tool https://www.kitploit.com/2024/01/easyeasm-zero-dollar-attack-surface.html

🗡️ BobTheSmuggler: Your Covert Cyber Swiss Knife for Undetectable Payload Delivery https://medium.com/@TheCyb3rAlpha/bobthesmuggler-your-covert-cyber-swiss-knife-for-undetectable-payload-delivery-bc84f3037522

Ⓜ️ Microsoft Teams Covert Channels Research https://blog.compass-security.com/2024/01/microsoft-teams-covert-channels-research/

👷 Is Hardware-Glitching your Thing? 1 https://sec-consult.com/blog/detail/secglitcher-part-1-reproducible-voltage-glitching-on-stm32-microcontrollers/ 2 https://www.synacktiv.com/en/publications/how-to-voltage-fault-injection

💽 CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service https://www.thezdi.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

📃 CISA added the current Ivanti vulnerability to their KEV list I kind of avoided mentioning the big one. I guess it had to happen. https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog

💦 CISA, FBI and EPA release an Incident Response Guide for the WWS Sector There are some cool resources in there, if you dare to shave the yak. https://www.cisa.gov/news-events/alerts/2024/01/18/incident-response-guide-wws-sector

📨 Stealing your email with a .txt file https://blog.strikeready.com/blog/stealing-your-email-with-a-.txt-file/

🚪 Inside the Massive Naz.API Credential Stuffing List https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/





For All

💸 Bitcoin price jumps after hackers hijack SEC Twitter account https://cyberscoop.com/sec-bitcoin-etf-gensler/

🐺 Deepfaked Celebrity Ads Promoting Medicare Scams Run Rampant on YouTube https://www.404media.co/joe-rogan-taylor-swift-andrew-tate-ai-deepfake-youtube-medicare-ads/

📘 Do You Suddenly Need To Delete Your Facebook App? a little long – FB's “new” feature Link History is getting some attention. https://www.forbes.com/sites/zakdoffman/2024/01/08/serious-new-facebook-warning-for-apple-iphone-and-google-android-users/

🚸 Under pressure, Meta says it will change how it delivers some content to children https://therecord.media/meta-to-change-content-minors

🍔 Burger King Giving Discounts If Facial Recognition Thinks You're Hungover for me this is between cringe and crazy 😵‍💫 https://gizmodo.com/burger-king-giving-discounts-if-facial-recognition-thin-1851124496

🚢 Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages I missed this one last week! https://securityaffairs.com/156994/laws-and-regulations/merck-settles-notpetya-insurance.html

🔐 2 new “smart locks” for 🤨 and ✋ Why is this a good idea? 😨 https://www.theverge.com/2024/1/8/24025150/lockly-visage-facial-recognition-smart-lock-matter-home-key https://www.theverge.com/2024/1/8/24025616/philips-door-lock-palm-recognition-smart-deadbolt-ces

🔧 Vulnerabilities found in high-power Bosch wrenches popular with carmakers Network connected wrenches!?!?! 🤯 https://therecord.media/bosch-rexroth-pneumatic-wrenches-vulnerabilities-disclosed

👩‍⚖️ FTC settles unprecedented case against geolocation data broker https://therecord.media/ftc-settles-case-geolocation-data-broker-xmode-outlogic


more, For the Curious

🐀 Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

👴 Age-old problems to sharing cyber threat info remain, IG report finds https://cyberscoop.com/cyber-threat-sharing-report-odni/

🐟 Inside a $20 Million Coinbase Phishing Ring https://www.404media.co/inside-a-20-million-coinbase-phishing-ring/

🖨️ Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks – source https://www.reuters.com/markets/deals/hewlett-packard-enterprise-nears-13-bln-deal-buy-juniper-networks-wsj-2024-01-08/

Bugs and CVEs 🧫 GitLab fixed a critical zero-click account hijacking flaw Zero-click! Update if you use it!! https://securityaffairs.com/157389/security/gitlab-zero-click-account-hijacking-flaw.html

🛅 CVE-2023-46647 Improper privilege management in all versions of GitHub Enterprise Server https://nvd.nist.gov/vuln/detail/CVE-2023-46647

🆕 New CISA Known Exploited Vulnerabilities: Adobe, Apple, D-Link and Joomla https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog

🆕 New CISA Known Exploited Vulnerability: SharePoint https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog




Currently in Austria 🅰️ Masses of phishing mails in the name of A1 in circulation – German! https://www.watchlist-internet.at/news/sofortiges-handeln-erforderlich-massenhaft-phishing-mails-im-namen-von-a1-im-umlauf/


For All

🤦‍ A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier https://arstechnica.com/?p=1993801

🥸 Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html

🎄 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html

📠 After ransomware claims, Xerox says subsidiary hit with cyberattack https://therecord.media/xerox-xbs-cyberattack

🥷 Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

🧑‍⚖️ Court hearings become ransomware concern after justice system breach https://go.theregister.com/feed/www.theregister.com/2024/01/02/victoria_court_system_breach/

🐻 Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html


more, For the Curious

📌 Nearly 11 million SSH servers vulnerable to new Terrapin attacks https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

🔃 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html

📇 CISA Adds Two Known Exploited Vulnerabilities to Catalog These are for Excel and Chrome. Fixes exist! Update! https://www.cisa.gov/news-events/alerts/2024/01/02/cisa-adds-two-known-exploited-vulnerabilities-catalog

🍏 4-year campaign backdoored iPhones using possibly the most advanced exploit ever https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature

🛫 Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion https://www.darkreading.com/ics-ot-security/airbus-acquire-atos-cybersecurity-unit-2-billion




For All

🎧 Spotify music converter TuneFab puts users at risk https://securityaffairs.com/156659/security/spotify-music-converter-tunefab-data-leak.html

⬛ New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 and earlier this month https://www.databreaches.net/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files-encrypted-between-november-2022-earlier-this-month/

Games 🎮 Game mod on Steam breached to push password-stealing malware https://www.bleepingcomputer.com/news/security/game-mod-on-steam-breached-to-push-password-stealing-malware/

🎮 GTA 5 source code reportedly leaked online a year after RockStar hack https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/

Health 💊 Australia: St Vincent’s unable to confirm if medical records stolen Comment: No Logs –> no visibility –> no clue https://www.databreaches.net/au-st-vincents-unable-to-confirm-if-medical-records-stolen/

🏥 Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/

🏥 Hospitals ask courts to force cloud storage firm to return stolen data https://www.bleepingcomputer.com/news/security/hospitals-ask-courts-to-force-cloud-storage-firm-to-return-stolen-data/

more, For the Curious

🚨 SSH ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/

🐍 New Version of Meduza Stealer Released in Dark Web https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html

🍎 Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html

📧 SMTP Smuggling a little older but popped up because of #37c3 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/



🍪🎄 Happy holidays to you all! 🎅🍪




Update your Browser! 💻 Google addressed a new actively exploited Chrome zero-day https://securityaffairs.com/156231/security/google-addressed-a-new-actively-exploited-chrome-zero-day.html

For Everyone

🤖 Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real https://www.404media.co/facebook-is-being-overrun-with-stolen-ai-generated-images-that-people-think-are-real/

🧑‍⚖️ Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay https://therecord.media/lapsus$-hacker-sentencing-uk

❌ EU launches formal probe into potential misconduct by X https://therecord.media/european-commission-x-investigation-illegal-content

🛑 Acute wave of DDoS attacks on state-affiliated and critical infrastructure in Austria – German! https://cert.at/de/aktuelles/2023/12/akute-welle-an-ddos-angriffen-auf-staatsnahe-und-kritische-infrastruktur-in-osterreich

🤦 U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say https://www.databreaches.net/u-s-water-utilities-were-hacked-after-leaving-their-default-passwords-set-to-1111-cybersecurity-officials-say/

📱 Threema published a blog post regarding the topic of “Surveillance via push notifications” Comment: This is how such things should always be handled! https://threema.ch/en/blog/posts/push-notifications-and-data-privacy

🗨️ FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Comment: Ever wanted to know what the FBI advises regarding ransomware? Spoiler: It's kind of what security folks are advising all day. 😏 https://www.cisa.gov/news-events/alerts/2023/12/18/fbi-cisa-and-asds-acsc-release-advisory-play-ransomware


more, For the Curious

🎆 Year in Malware 2023: Recapping the major cybersecurity stories of the past year https://blog.talosintelligence.com/year-in-malware-2023-timeline/

🏥 Health data breaches hit an all-time high in 2023 https://www.databreaches.net/health-data-breaches-hit-an-all-time-high-in-2023/

🏭 Hacktivists boast: We shut down Iran's gas pumps today https://go.theregister.com/feed/www.theregister.com/2023/12/18/hacktivists_shut_down_irans_petrol/

🖥️ New “Terrapin” prefix-truncation attack on the SSH transport protocol (CVE-2023-48795). It applies when a connection negotiates chacha20-poly1305@openssh.com, or a CBC cipher together with an encrypt-then-MAC (*-etm@openssh.com) MAC; the “strict kex” countermeasure ships with OpenSSH 9.6 and only protects a connection when both client and server support it. https://terrapin-attack.com/#question-answer https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
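The practical question behind the Terrapin entry is "would my server and my clients negotiate an exposed combination, and do both sides advertise strict kex?" The following is an added example, not code from the newsletter or from the Terrapin authors: it builds and parses SSH_MSG_KEXINIT payloads (RFC 4253 section 7.1) and applies the published conditions (chacha20-poly1305@openssh.com, or a CBC cipher with an *-etm@openssh.com MAC, without kex-strict-s-v00@openssh.com / kex-strict-c-v00@openssh.com on both peers). The KEXINIT contents, the function names and the scenario labels are constructed for the example; the algorithm lists are typical OpenSSH-style lists, not captures from a real host.

```python
"""Offline Terrapin (CVE-2023-48795) exposure check on SSH_MSG_KEXINIT payloads.

Added example; assumptions (documented facts the check relies on):
  * exposed combinations: chacha20-poly1305@openssh.com, or a CBC cipher
    together with an encrypt-then-MAC (*-etm@openssh.com) MAC;
  * the OpenSSH 9.6 countermeasure ("strict kex") is advertised as a
    pseudo-algorithm in kex_algorithms and only helps when BOTH peers send it;
  * per RFC 4253 the chosen algorithm is the first entry in the client's list
    that the server also lists.
All KEXINIT contents below are constructed samples, not captures.
"""
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"

NAME_LIST_FIELDS = [
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
]


def _name_list(names):
    """RFC 4251 name-list: uint32 length + comma-separated US-ASCII names."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload from a dict of name-lists (missing fields are empty)."""
    payload = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in NAME_LIST_FIELDS:
        payload += _name_list(lists.get(field, []))
    payload += b"\x00"                # first_kex_packet_follows = FALSE
    payload += struct.pack(">I", 0)   # reserved
    return payload


def parse_kexinit(payload):
    """Parse a KEXINIT payload back into a dict of name-lists (lists of str)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 1 + 16  # message id + cookie
    lists = {}
    for field in NAME_LIST_FIELDS:
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + length].decode("ascii")
        pos += length
        lists[field] = raw.split(",") if raw else []
    return lists


def _negotiate(client_list, server_list):
    """RFC 4253: first algorithm in the client's list that the server also supports."""
    return next((name for name in client_list if name in server_list), None)


def assess_terrapin(server_kex, client_kex):
    """Return strict-kex status, the exposed negotiated algorithms per direction, and a verdict."""
    strict = (STRICT_KEX_SERVER in server_kex["kex_algorithms"]
              and STRICT_KEX_CLIENT in client_kex["kex_algorithms"])
    weak = []
    for direction in ("client_to_server", "server_to_client"):
        cipher = _negotiate(client_kex["encryption_algorithms_" + direction],
                            server_kex["encryption_algorithms_" + direction])
        mac = _negotiate(client_kex["mac_algorithms_" + direction],
                         server_kex["mac_algorithms_" + direction])
        cbc_etm = (cipher is not None and cipher.endswith("-cbc")
                   and mac is not None and mac.endswith("-etm@openssh.com"))
        if cipher == "chacha20-poly1305@openssh.com" or cbc_etm:
            weak.append((direction, cipher, mac))
    return {"strict_kex": strict, "weak_negotiated": weak,
            "vulnerable": bool(weak) and not strict}


def _peer(kex, ciphers, macs):
    """Constructed symmetric KEXINIT name-lists for one peer (same lists both directions)."""
    return {
        "kex_algorithms": kex,
        "server_host_key_algorithms": ["ssh-ed25519", "rsa-sha2-512"],
        "encryption_algorithms_client_to_server": ciphers,
        "encryption_algorithms_server_to_client": ciphers,
        "mac_algorithms_client_to_server": macs,
        "mac_algorithms_server_to_client": macs,
        "compression_algorithms_client_to_server": ["none"],
        "compression_algorithms_server_to_client": ["none"],
        "languages_client_to_server": [],
        "languages_server_to_client": [],
    }


KEX = ["curve25519-sha256", "diffie-hellman-group14-sha256"]
CIPHERS = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes256-ctr", "aes256-cbc"]
MACS = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]

OLD_SERVER = _peer(KEX, CIPHERS, MACS)                               # pre-9.6 style, no strict kex
PATCHED_SERVER = _peer(KEX + [STRICT_KEX_SERVER], CIPHERS, MACS)     # 9.6 style: strict kex advertised
HARDENED_SERVER = _peer(KEX, ["aes256-gcm@openssh.com", "aes256-ctr"], MACS)  # exposed algorithms removed
OLD_CLIENT = _peer(KEX, CIPHERS, MACS)
PATCHED_CLIENT = _peer(KEX + [STRICT_KEX_CLIENT], CIPHERS, MACS)
CBC_CLIENT = _peer(KEX, ["aes256-cbc", "aes256-ctr"], ["hmac-sha2-256-etm@openssh.com"])


def scenarios():
    """Round-trip each pair through the wire format, then assess it."""
    pairs = {
        "old_server_old_client": (OLD_SERVER, OLD_CLIENT),
        "patched_server_old_client": (PATCHED_SERVER, OLD_CLIENT),
        "patched_server_patched_client": (PATCHED_SERVER, PATCHED_CLIENT),
        "hardened_server_old_client": (HARDENED_SERVER, OLD_CLIENT),
        "old_server_cbc_client": (OLD_SERVER, CBC_CLIENT),
    }
    return {name: assess_terrapin(parse_kexinit(build_kexinit(s)), parse_kexinit(build_kexinit(c)))
            for name, (s, c) in pairs.items()}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:32s} vulnerable={result['vulnerable']} strict_kex={result['strict_kex']}")
```

The two results worth noticing: a patched server talking to an old client is still exposed, because strict kex is only effective when both sides advertise it, while a server that simply stops offering chacha20-poly1305 and CBC is safe regardless of what the client supports. To check a live host, feed the KEXINIT it sends into parse_kexinit instead of the constructed samples.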

🐈‍⬛ BlackCat Ransomware Raises Ante After FBI Disruption https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/


A peculiar cluster of current phishing warnings this week?

📧 New phishing attack steals your Instagram backup codes to bypass 2FA https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/

📧 Fake F5 BIG-IP zero-day warning emails push data wipers https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions in these articles are not my own. No guarantee of correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



Update your phones! 📱 Apple iOS Zero Days https://support.apple.com/en-us/HT214039

Update your computers! 💻 Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html

For Everyone

🚆 Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them Comment: If you have not read about that story, here is a current article. https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/

💰 Willhaben: Don't let yourself be lured onto WhatsApp and the like! (German) https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/

📱 How worried should we be about the “AutoSpill” credential leak in Android password managers? https://arstechnica.com/?p=1990601

💬 Meta brings end-to-end encryption to Messenger Comment: Sometimes there is good news too! https://arstechnica.com/tech-policy/2023/12/meta-defies-fbi-opposition-to-encryption-brings-e2ee-to-facebook-messenger/

🎮 Counter-Strike 2 HTML injection bug exposes players’ IP addresses https://www.bleepingcomputer.com/news/security/counter-strike-2-html-injection-bug-exposes-players-ip-addresses/

📱 Apple fixed the iPhone’s Flipper Zero problem https://www.theverge.com/2023/12/15/24003406/apple-iphone-flipper-zero-fix-ios-17-2


more, For the Curious

📞 Major Cyber Attack Paralyzes Kyivstar – Ukraine's Largest Telecom Operator https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html

💧 Two-day water outage in remote Irish region caused by pro-Iran hackers https://therecord.media/water-outage-in-ireland-county-mayo

🧓📰 Lazarus Group Using Log4j Exploits Comment: Remember Log4j? Still a valuable target. https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html

💽 MongoDB investigates a cyberattack, customer data exposed https://securityaffairs.com/156008/hacking/mongodb-investigate-cyberattack.html

🔐 PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/

🚨 Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks https://securityaffairs.com/155746/security/sophos-backports-cve-2022-3236-patch.html

🔥 New Security Vulnerabilities Uncovered in pfSense Firewall Software https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html

