cyberlights – week 12/2024

A weekly shortlist of cyber security highlights.

‼️ New feature warning – AI-generated mini summaries ‼️ Some of you reached out with feedback and asked for summaries of the articles. Well, I don't want to spend my own time on this, but ChatGPT should be quite good at this. So, I decided to script myself a little Python thingy, and you now get AI-generated single-line summaries and categorizations (which nearly double the length of a single post). This is a “work in progress” feature. I would appreciate feedback, and please let me know if anything is off or I missed grave errors.

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

Highlight 🤾‍♀️ Esports league postponed after players hacked midgame hacking news

For All

🤕 Meta to shutter key disinformation tracking tool before 2024 election warning – Meta's closure of CrowdTangle tool sparks criticism as groups fear impeded disinformation monitoring ahead of elections.

🐬 FlipperZero – Our Response to the Canadian Government

💸 Crypto scams more costly to US than ransomware, Feds say cybercrime – Investment fraud led to $4.57 billion losses in 2023, surpassing ransomware costs.

🦐 How Spammers, Scammers and Creators Leverage AI-Generated Images on Facebook for Audience Growth cybercrime – Researchers analyze how spammers leverage AI-generated images, such as Shrimp Jesus, on Facebook for audience growth.

🥸 Warning Against Infostealer Disguised as Installer malware – StealC malware disguised as installer distributed in mass, extorting various data through multiple redirections.

🔓 Email accounts of International Monetary Fund compromised data breach – 11 accounts breached, incident under investigation.

🍊 Remove WordPress miniOrange plugins, a critical flaw can allow site takeover vulnerability – Uninstall miniOrange plugins; critical privilege escalation flaw enabling site takeover.

🎎 Fujitsu hack raises questions, after firm confirms customer data breach data breach – Fujitsu warns of potential customer data theft due to malware, lacking details, and uncertain impact.

🤖 FTC investigating Reddit plan to sell user content for AI model training privacy – Reddit's plan to sell user content for AI training sparks privacy concerns.

🛑 Russians will no longer be able to access Microsoft cloud services, business intelligence tools general news – Microsoft will suspend access to cloud services for Russian users due to European sanctions post-invasion of Ukraine.

🩻 Here's why Twitter sends you to a different site than what you clicked security research – Twitter link previews can redirect to different websites; security flaw abused by scammers and threat actors.

💧 Mozilla Drops Onerep After CEO Admits to Running People-Search Networks privacy – Mozilla ends partnership with Onerep after CEO's admission of founding numerous people-search services.

🌐 Nemesis darknet marketplace raided in Germany-led operation cybercrime

For the Curious

📦 Opening Pandora's box – Supply Chain Insider Threats in Open Source projects vulnerability – Open Source projects face supply chain insider threat risks, demonstrated through a responsible disclosure of an RCE vulnerability in AWS.

⛴️ Acoustic Side Channel Attack on Keyboards Based on Typing Patterns security research

👻 Shielding Networks From Androxgh0st malware – AndroxGh0st targets Laravel apps; abuses multiple CVEs for data extraction and RCE.

📄 Final report – Security Incident: Südwestfalen-IT

🦜 VIDEO by PirateSoftware: Apex Legends Vulnerabilities – Investigation and Wrap Up hacking news

🗝️ Microsoft announces deprecation of 1024-bit RSA keys in Windows

⛈️ AcidRain | A Modem Wiper Rains Down on Europe malware – AcidRain wiper attack in Ukraine and Germany linked to Russian invasion, using a new ELF MIPS malware wiping modems and routers.

🤏 We’re closer to a cybersecurity standard for smart home devices general news – CSA introduces IoT Device Security Specification and certification to ensure secure smart home devices globally.

💔 Inside the Massive Alleged AT&T Data Breach data breach – 70 million AT&T records, including SSNs and DOBs, leaked on a public forum.

⚡ CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity warning – CISA and partners issue warning on PRC-sponsored Volt Typhoon cyber threat targeting U.S. critical infrastructure.

🤨 Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry vulnerability

🍏 Unpatchable vulnerability in Apple chip leaks secret encryption keys vulnerability – Apple chip vulnerability leaks encryption keys due to prefetcher confusion with memory content.

⚠️ Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days hacking news

🦥 NVD slowdown leaves thousands of vulnerabilities without analysis data vulnerability – NVD stopped updating vulnerabilities analysis, leading to thousands of unanalyzed CVEs, affecting security tools and vulnerability management.

Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.