cyberlights – week 16/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.

Highlight 🚨 Erneut Phishing-Mails im Namen der ÖGK im Umlauf!

News For All

🐢 PuTTY vulnerability vuln-p521-bias vulnerability

🦦 Fake cheat lures gamers into spreading infostealer malware security news

🤖 Liberals accuse Conservatives of using AI for amendments to jobs bill as votes loom security news – using AI for unconstructive bill amendments

💻 UPDATED: Ready or Not Developer Has 4TB Of Data Stolen Including Full Source Code data breach

🌐 UNDP Investigates Cyber-Security Incident data breach – HR and procurement data stolen

🔑 Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns warning – phishing campaign with Voice Phishing (Vishing)

🔐 Delinea releases Secret Server patches for critical vuln vulnerability – critical

🔒 Roku switches on 2FA for all following latest security snafu *security news – after two incidents led to unauthorized access *

🛂 MGM sues to block FTC investigation of its data security security news – questioning the constitutionality of the agency's requests.

🕵️ A Spy Site Is Scraping Discord and Selling Users’ Messages privacy – Spy Pet, an online service, selling access to users' messages, voice channel activity, and more for $5.

🧢 House passes bill to limit personal data purchases by law enforcement, intelligence agencies mycat: security news privacy – “Fourth Amendment Is Not For Sale Act” to limit government purchases of personal data without a court order.

🤌 EU tells Meta it can't paywall privacy privacy – Meta maintains its subscription model complies with EU laws, while privacy groups argue against 'fake choice' practices, citing GDPR violations.

🏫 Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020 security research

👥 Microsoft’s VASA-1 can deepfake a person with one photo and one audio track security news

Some More, For the Curious

🛡️ “Totally Unexpected” Package Malware Using Modified Notepad++ Plugin malware

⚔️ Leaked LockBit builder in a real-life incident response case security research – Analysis of LockBit builder in ransomware incident response

👁️ Entra IDs “Banned Password Lists”: password spraying optimizations and defenses security research

⚙️ Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus hacking write-up

🍵 Shostack + Friends Blog > CSRB Report on Microsoft security news – An in-depth analysis of the CSRB report on Microsoft's intrusion.

⚖️ Warrantless spying powers extended to 2026 with Biden’s signature security news

🚄 Russia is trying to sabotage European railways, Czech minister said security news

⏳ What’s the deal with the massive backlog of vulnerabilities at the NVD? security news – unanalyzed vulnerabilities, impacting patch management efforts and leading to delays in severity score assignments.

🪱 Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm security research

🥀 Critical CrushFTP zero-day exploited in attacks in the wild vulnerability

CISA Corner Oracle Releases Critical Patch Update Advisory for April 2024 Cisco Releases Security Advisories for Cisco Integrated Management Controller

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

(by Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.