📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.

Highlight

☝️ Fingerprint sensor: daughter can unlock Google Pixel 8 (German). TL;DR in English: saving the same finger twice leads to more collisions https://www.kuketz-blog.de/fingerabdruck-sensor-tochter-kann-google-pixel-8-entsperren/


For All

📳How to stop location tracking on your Android phone (mostly) https://www.theverge.com/21401280/android-location-tracking-history-stop-how-to

🧢 Fake Bill Ackman and Jim Cramer Instagram Ads are Trying to Take My Money https://www.404media.co/fake-bill-ackman-and-jim-cramer-instagram-ads-are-trying-to-take-my-money/

🫥 Rise of deepfake threats means biometric security measures won't be enough https://www.theregister.com/2024/02/01/deepfake_threat_biometrics/

🕵️‍♂️ NSA Buying Bulk Surveillance Data on Americans without a Warrant https://www.schneier.com/blog/archives/2024/01/nsa-buying-bulk-surveillance-data-on-americans-without-a-warrant.html

🚘 A mishandled GitHub token exposed Mercedes-Benz source code https://www.bleepingcomputer.com/news/security/a-mishandled-github-token-exposed-mercedes-benz-source-code/

🏠 How you get ripped off when looking for an apartment (German) https://www.watchlist-internet.at/news/so-werden-sie-bei-der-wohnungssuche-abgezockt/

🥸 Spyware Targets Human Rights Watch Staff in Jordan https://www.hrw.org/news/2024/02/01/spyware-targets-human-rights-watch-staff-jordan


more, For the Curious

🐧 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

📃 CISA adds multiple new KEV entries. These are two of them. Apple – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog Ivanti – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog-0

👮 Exclusive: US disabled Chinese hacking network targeting critical infrastructure https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/

🦃 Cloudflare Blog – Thanksgiving 2023 security incident https://blog.cloudflare.com/thanksgiving-2023-security-incident

💾 The Data Breach “Personal Stash” Ecosystem https://www.troyhunt.com/the-data-breach-personal-stash-ecosystem/

📄 Südwestfalen-IT: forensic report on the ransomware attack (German). This is how you handle an incident! https://forumwk.de/2024/01/25/suedwestfalen-it-forensik-bericht-mit-erkenntnissen-zu-ransomware-angriff/

🖨️ A Practical Guide to PrintNightmare in 2024 https://itm4n.github.io/printnightmare-exploitation/

🐘 Critical Mastodon Vulnerability – Update now https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

🍯 There Are Too Many Damn Honeypots https://vulncheck.com/blog/too-many-honeypots

Ivanti Corner

🚧 New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways. Ivanti gets bigger and bigger... https://www.cisa.gov/news-events/alerts/2024/01/30/new-mitigations-defend-against-exploitation-ivanti-connect-secure-and-policy-secure-gateways

🚫 Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities Oh, wow. CISA Orders to “...disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.” https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure

AnyDesk Corner

🛂 AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

🛂 AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials https://securityonline.info/anydesk-breach-2024-dark-web-sale-of-18317-credentials/


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



For All

❌ AI Bots on X (Twitter) Neat hack to identify AI bots. https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

🔍 Using Google Search to Find Software Can Be Risky https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

📜 Testing TLS and Certificates Ever wondered what these “certificates” are good for? https://www.blackhillsinfosec.com/testing-tls-and-certificates/

🍏 Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

🧬 Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months https://go.theregister.com/feed/www.theregister.com/2024/01/26/23_and_me_breach_filing/

🪡 Trolls have flooded X with graphic Taylor Swift AI fakes https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

🐻 Russia social media outage likely caused by state internet regulator https://therecord.media/russia-social-media-outages-roskomnadzor

🐽 These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy/

🕵️ The NSA Buys Web Browsing Data Without A Warrant, Letter Shows https://packetstormsecurity.com/news/view/35451/The-NSA-Buys-Web-Browsing-Data-Without-A-Warrant-Letter-Shows.html

👩‍⚖️ French regulators levy €32 million fine against Amazon for surveilling employees https://therecord.media/french-regulators-levy-fine-against-amazon-for-monitoring-practices


more, For the Curious

🚘 Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive https://www.securityweek.com/hackers-earn-1-3m-for-tesla-ev-charger-infotainment-exploits-at-pwn2own-automotive/

📄 CISA Adds CVE-2024-23222 to Known Exploited Vulnerability Catalog https://www.cisa.gov/news-events/alerts/2024/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

🪖 How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/

🤵 Jenkins Security Advisory 2024-01-24 – CVE-2024-23897 https://www.jenkins.io/security/advisory/2024-01-24/ https://github.com/gquere/pwn_jenkins/blob/master/README.md

Ⓜ️ Microsoft explains how Russian hackers spied on its executives https://www.theverge.com/2024/1/26/24051708/microsoft-hack-russian-security-attack-senior-leadership-emails

🦮 Guidance on Assembling a Group of Products SBOM? SBOM! https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products

🍘 Building a Password Cracker https://www.sevnx.com/blog/post/building-a-password-cracker

🧠 The near-term impact of AI on the cyber threat https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat



Highlights

🪧 IT-KV (Austrian IT collective agreement): negotiations interrupted again, demonstration on 24 January (German). I know. It's not much security and just a little cyber. https://www.gpa.at/kollektivvertrag/information-und-consulting/informationstechnologie/2024/it-kv-sechste-runde

🚨 Watch out for “I can't believe he is gone” Facebook phishing posts https://www.bleepingcomputer.com/news/security/watch-out-for-i-cant-believe-he-is-gone-facebook-phishing-posts/


For All

👻 Beware of crypto scams lying on the streets of Vienna (German) https://www.derstandard.at/story/3000000203274/vorsicht-vor-kryptoscams-die-in-wien-auf-der-strasse-liegen

🏢 Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers Official blog post in second link https://www.theverge.com/2024/1/19/24044561/microsoft-senior-leadership-emails-hack-russian-security-attack https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

😾 Meta won't remove fake Instagram profiles used for obvious catfishing https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-used-for-obvious-catfishing/

📴 GrapheneOS: Frequent Android auto-reboots block firmware exploits https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/

🍎 A reboot a day can keep the ******** away https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/

📘 Each Facebook User is Monitored by Thousands of Companies !!!!! !!!!!! https://themarkup.org/privacy/2024/01/17/each-facebook-user-is-monitored-by-thousands-of-companies-study-indicates

👨‍⚖️ IT expert convicted for using access software (German) https://www.golem.de/news/modern-solution-it-experte-wegen-nutzung-einer-zugriffssoftware-verurteilt-2401-181296.html

👩‍⚖️ FTC settles second case with geolocation data broker in two weeks https://therecord.media/ftc-settles-data-broker-case-geolocation

🥟 Researcher uncovers one of the biggest password dumps in recent history For more info, see the very last entry of this week 😉 https://arstechnica.com/?p=1996879

⛺ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

📻 Amazon plans to charge for Alexa in June—unless internal conflict delays revamp https://arstechnica.com/gadgets/2024/01/alexa-is-in-trouble-paid-for-alexa-gives-inaccurate-answers-in-early-demos/ |sarcasm on| Amazon being like: If you are dumb enough to put a listening spy-device in your home you are also dumb enough to pay monthly for it (Sorry, but this is just borderline idiotic to me).

🗣 OpenVoice: Versatile Instant Voice Cloning https://research.myshell.ai/open-voice

🏭 Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game https://securityonline.info/researcher-details-critical-buffer-overflow-vulnerability-in-popular-factorio-game/

🏛 Unseen images of code breaking computer that helped win WW2 Not news, but soooo cool https://www.bbc.com/news/technology-67997406


more, For the Curious

🔮 EasyEASM – Zero-dollar Attack Surface Management Tool https://www.kitploit.com/2024/01/easyeasm-zero-dollar-attack-surface.html

🗡️ BobTheSmuggler: Your Covert Cyber Swiss Knife for Undetectable Payload Delivery https://medium.com/@TheCyb3rAlpha/bobthesmuggler-your-covert-cyber-swiss-knife-for-undetectable-payload-delivery-bc84f3037522

Ⓜ️ Microsoft Teams Covert Channels Research https://blog.compass-security.com/2024/01/microsoft-teams-covert-channels-research/

👷Is Hardware-Glitching your Thing? 1 https://sec-consult.com/blog/detail/secglitcher-part-1-reproducible-voltage-glitching-on-stm32-microcontrollers/ 2 https://www.synacktiv.com/en/publications/how-to-voltage-fault-injection

💽 CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service https://www.thezdi.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

📃 CISA added the current Ivanti vulnerability to their KEV list. I kind of avoided mentioning the big one. I guess it had to happen. https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog

💦 CISA, FBI and EPA release an Incident Response Guide for the WWS Sector. There are some cool resources in there, if you dare to shave the yak. https://www.cisa.gov/news-events/alerts/2024/01/18/incident-response-guide-wws-sector

📨 Stealing your email with a .txt file https://blog.strikeready.com/blog/stealing-your-email-with-a-.txt-file/

🚪 Inside the Massive Naz.API Credential Stuffing List https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/




For All

💸 Bitcoin price jumps after hackers hijack SEC Twitter account https://cyberscoop.com/sec-bitcoin-etf-gensler/

🐺 Deepfaked Celebrity Ads Promoting Medicare Scams Run Rampant on YouTube https://www.404media.co/joe-rogan-taylor-swift-andrew-tate-ai-deepfake-youtube-medicare-ads/

📘 Do You Suddenly Need To Delete Your Facebook App? a little long – FBs “new” feature Link-History is getting some attention. https://www.forbes.com/sites/zakdoffman/2024/01/08/serious-new-facebook-warning-for-apple-iphone-and-google-android-users/

🚸 Under pressure, Meta say it will change how it delivers some content to children https://therecord.media/meta-to-change-content-minors

🍔 Burger King Giving Discounts If Facial Recognition Thinks You're Hungover. For me this is between cringe and crazy😵‍💫 https://gizmodo.com/burger-king-giving-discounts-if-facial-recognition-thin-1851124496

🚢 Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages I missed this one last week! https://securityaffairs.com/156994/laws-and-regulations/merck-settles-notpetya-insurance.html

🔐 2 new “smart locks” for 🤨 and ✋ Why is this a good idea?😨 https://www.theverge.com/2024/1/8/24025150/lockly-visage-facial-recognition-smart-lock-matter-home-key https://www.theverge.com/2024/1/8/24025616/philips-door-lock-palm-recognition-smart-deadbolt-ces

🔧 Vulnerabilities found in high-power Bosch wrenches popular with carmakers Network connected wrenches!?!?! 🤯 https://therecord.media/bosch-rexroth-pneumatic-wrenches-vulnerabilities-disclosed

👩‍⚖️ FTC settles unprecedented case against geolocation data broker https://therecord.media/ftc-settles-case-geolocation-data-broker-xmode-outlogic


more, For the Curious

🐀 Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

👴 Age-old problems to sharing cyber threat info remain, IG report finds https://cyberscoop.com/cyber-threat-sharing-report-odni/

🐟 Inside a $20 Million Coinbase Phishing Ring https://www.404media.co/inside-a-20-million-coinbase-phishing-ring/

🖨️ Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks – source https://www.reuters.com/markets/deals/hewlett-packard-enterprise-nears-13-bln-deal-buy-juniper-networks-wsj-2024-01-08/

Bugs and CVEs

🧫 GitLab fixed a critical zero-click account hijacking flaw. Zero-click! Update if you use it!! https://securityaffairs.com/157389/security/gitlab-zero-click-account-hijacking-flaw.html

🛅 CVE-2023-46647 Improper privilege management in all versions of GitHub Enterprise Server https://nvd.nist.gov/vuln/detail/CVE-2023-46647

🆕 New CISA Known Exploited Vulnerabilities: Adobe, Apple, D-Link and Joomla https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog SharePoint https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog



Currently in Austria

🅰️ Mass phishing emails in the name of A1 in circulation (German) https://www.watchlist-internet.at/news/sofortiges-handeln-erforderlich-massenhaft-phishing-mails-im-namen-von-a1-im-umlauf/


For All

🤦 A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier https://arstechnica.com/?p=1993801

🥸 Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html

🎄 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html

📠 After ransomware claims, Xerox says subsidiary hit with cyberattack https://therecord.media/xerox-xbs-cyberattack

🥷 Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

🧑‍⚖️ Court hearings become ransomware concern after justice system breach https://go.theregister.com/feed/www.theregister.com/2024/01/02/victoria_court_system_breach/

🐻 Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html


more, For the Curious

📌 Nearly 11 million SSH servers vulnerable to new Terrapin attacks https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

🔃 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html

📇 CISA Adds Two Known Exploited Vulnerabilities to Catalog These are for Excel and Chrome. Fixes exist! Update! https://www.cisa.gov/news-events/alerts/2024/01/02/cisa-adds-two-known-exploited-vulnerabilities-catalog

🍏 4-year campaign backdoored iPhones using possibly the most advanced exploit ever https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature

🛫 Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion https://www.darkreading.com/ics-ot-security/airbus-acquire-atos-cybersecurity-unit-2-billion



For All

🎧 Spotify music converter TuneFab puts users at risk https://securityaffairs.com/156659/security/spotify-music-converter-tunefab-data-leak.html

⬛ New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 and earlier this month https://www.databreaches.net/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files-encrypted-between-november-2022-earlier-this-month/

Games

🎮 Game mod on Steam breached to push password-stealing malware https://www.bleepingcomputer.com/news/security/game-mod-on-steam-breached-to-push-password-stealing-malware/

🎮 GTA 5 source code reportedly leaked online a year after RockStar hack https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/

Health

💊 Australia: St Vincent’s unable to confirm if medical records stolen. Comment: No logs -> no visibility -> no clue https://www.databreaches.net/au-st-vincents-unable-to-confirm-if-medical-records-stolen/

🏥 Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/

🏥 Hospitals ask courts to force cloud storage firm to return stolen data https://www.bleepingcomputer.com/news/security/hospitals-ask-courts-to-force-cloud-storage-firm-to-return-stolen-data/

more, For the Curious

🚨 SSH ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/

🐍 New Version of Meduza Stealer Released in Dark Web https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html

🍎 Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html

📧 SMTP Smuggling. A little older, but it popped up again because of #37c3 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/



🍪🎄 Happy holidays to you all! 🎅🍪




Update your Browser!

💻 Google addressed a new actively exploited Chrome zero-day https://securityaffairs.com/156231/security/google-addressed-a-new-actively-exploited-chrome-zero-day.html

For Everyone

🤖 Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real https://www.404media.co/facebook-is-being-overrun-with-stolen-ai-generated-images-that-people-think-are-real/

🧑‍⚖️ Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay https://therecord.media/lapsus$-hacker-sentencing-uk

❌ EU launches formal probe into potential misconduct by X https://therecord.media/european-commission-x-investigation-illegal-content

🛑 Acute wave of DDoS attacks on state-affiliated and critical infrastructure in Austria (German) https://cert.at/de/aktuelles/2023/12/akute-welle-an-ddos-angriffen-auf-staatsnahe-und-kritische-infrastruktur-in-osterreich

🤦 U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say https://www.databreaches.net/u-s-water-utilities-were-hacked-after-leaving-their-default-passwords-set-to-1111-cybersecurity-officials-say/

📱 Threema published a blog post on the topic of “Surveillance via push notifications”. Comment: This is how such things should always be handled! https://threema.ch/en/blog/posts/push-notifications-and-data-privacy

🗨️ FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Comment: Ever wanted to know what the FBI advises regarding ransomware? Spoiler: It's kind of what security folks are advising all day. 😏 https://www.cisa.gov/news-events/alerts/2023/12/18/fbi-cisa-and-asds-acsc-release-advisory-play-ransomware


more, For the Curious

🎆 Year in Malware 2023: Recapping the major cybersecurity stories of the past year https://blog.talosintelligence.com/year-in-malware-2023-timeline/

🏥 Health data breaches hit an all-time high in 2023 https://www.databreaches.net/health-data-breaches-hit-an-all-time-high-in-2023/

🏭 Hacktivists boast: We shut down Iran's gas pumps today https://go.theregister.com/feed/www.theregister.com/2023/12/18/hacktivists_shut_down_irans_petrol/

🖥️ New “Terrapin” attack on the SSH transport protocol (CVE-2023-48795): affects OpenSSH before 9.6 (and other implementations) when ChaCha20-Poly1305 or a CBC cipher with Encrypt-then-MAC is negotiated; the “strict kex” extension shipped in 9.6 is the countermeasure, and both sides need it https://terrapin-attack.com/#question-answer https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
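
The check a practitioner wants after the two Terrapin entries on this page (the “nearly 11 million SSH servers” count further up and the CVE entry here): does a given peer offer an exploitable mode without advertising the strict-kex countermeasure? The following is an added example, not code from terrapin-attack.com, OpenSSH or any of the linked articles. It assumes the published affected modes (ChaCha20-Poly1305, and CBC ciphers combined with an Encrypt-then-MAC MAC) and the OpenSSH 9.6 pseudo-algorithm names `kex-strict-s-v00@openssh.com` / `kex-strict-c-v00@openssh.com`. The sample KEXINIT lists are constructed, not captured from real hosts, and `fetch_server_kexinit` is a hypothetical helper that needs network access.

```python
"""Offline Terrapin (CVE-2023-48795) exposure check on an SSH KEXINIT payload.

Added example; not code from terrapin-attack.com or the linked articles.
Assumes the published affected modes (ChaCha20-Poly1305, CBC with
Encrypt-then-MAC) and the OpenSSH 9.6 "strict kex" extension names.
"""
import socket
import struct

SSH_MSG_KEXINIT = 20
# Cipher exploitable on its own.
CHACHA = "chacha20-poly1305@openssh.com"
# CBC ciphers are exploitable only when an Encrypt-then-MAC MAC is negotiated.
ETM_SUFFIX = "-etm@openssh.com"
# Countermeasure, advertised as a pseudo kex algorithm (server / client flavour).
STRICT_KEX = {"server": "kex-strict-s-v00@openssh.com",
              "client": "kex-strict-c-v00@openssh.com"}
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
NAME_LISTS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]


def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload into its algorithm name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 1 + 16                                   # message id + 16-byte cookie
    fields = {}
    for name in NAME_LISTS:
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        names = payload[pos:pos + length].decode("ascii").split(",")
        fields[name] = [a for a in names if a]
        pos += length
    return fields          # first_kex_packet_follows / reserved are not needed here


def build_kexinit(fields: dict) -> bytes:
    """Inverse of parse_kexinit; used to construct sample payloads (zero cookie)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in NAME_LISTS:
        raw = ",".join(fields.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def terrapin_exposure(fields: dict, role: str = "server") -> dict:
    """Exploitable modes offered by one peer, and whether it advertises strict kex."""
    strict = STRICT_KEX[role] in fields["kex"]
    ciphers = set(fields["enc_c2s"]) | set(fields["enc_s2c"])
    macs = set(fields["mac_c2s"]) | set(fields["mac_s2c"])
    modes = [CHACHA] if CHACHA in ciphers else []
    if any(m.endswith(ETM_SUFFIX) for m in macs):
        modes += sorted(c for c in ciphers if c.endswith("-cbc"))
    return {"strict_kex": strict, "exploitable_modes": modes,
            "vulnerable": bool(modes) and not strict}


def fetch_server_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Hypothetical live helper (needs network): do the identification exchange and
    return the server's first binary packet payload, which is its KEXINIT
    (sent before any encryption or MAC is in effect)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-terrapin_check\r\n")
        f = s.makefile("rb")
        line = b""
        while not line.startswith(b"SSH-"):       # servers may send banner lines first
            line = f.readline()
            if not line:
                raise ConnectionError("no SSH identification string received")
        packet_len, pad_len = struct.unpack(">IB", f.read(5))
        payload = f.read(packet_len - 1 - pad_len)
        f.read(pad_len)                            # discard random padding
        return payload


# Constructed sample KEXINITs (not captured from real hosts).
OLD_SERVER = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "hostkey": ["ssh-ed25519"],
    "enc_c2s": [CHACHA, "aes256-ctr", "aes128-cbc"],
    "enc_s2c": [CHACHA, "aes256-ctr", "aes128-cbc"],
    "mac_c2s": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "mac_s2c": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
}
PATCHED_SERVER = dict(OLD_SERVER, kex=OLD_SERVER["kex"] + [STRICT_KEX["server"]])
CTR_ONLY_SERVER = dict(OLD_SERVER, enc_c2s=["aes256-ctr"], enc_s2c=["aes256-ctr"])

if __name__ == "__main__":
    for label, sample in [("old", OLD_SERVER), ("9.6+", PATCHED_SERVER),
                          ("ctr-only", CTR_ONLY_SERVER)]:
        print(label, terrapin_exposure(parse_kexinit(build_kexinit(sample))))
```

The result is one peer's view only: strict kex protects a connection only when both client and server advertise it, so run the same check on your clients' KEXINIT with `role="client"`. A server that offers no ChaCha20-Poly1305 and no CBC+EtM combination is not exploitable even without the extension, which is the configuration-only fallback for hosts that cannot be upgraded.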

🐈‍⬛ BlackCat Ransomware Raises Ante After FBI Disruption https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/


A peculiar cluster of current phishing warnings this week?

📧 New phishing attack steals your Instagram backup codes to bypass 2FA https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/

📧 Fake F5 BIG-IP zero-day warning emails push data wipers https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/




Update your phones!

📱 Apple iOS Zero Days https://support.apple.com/en-us/HT214039

Update your computers!

💻 Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html

For Everyone

🚆 Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them If you have not read about that story, here is a current article https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/

💰 Willhaben: don't let yourself be lured onto WhatsApp and co.! (German) https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/

📱 How worried should we be about the “AutoSpill” credential leak in Android password managers? https://arstechnica.com/?p=1990601

💬 Meta brings end-to-end encryption to Messenger Sometimes there are some good news too! https://arstechnica.com/tech-policy/2023/12/meta-defies-fbi-opposition-to-encryption-brings-e2ee-to-facebook-messenger/

🎮 Counter-Strike 2 HTML injection bug exposes players’ IP addresses https://www.bleepingcomputer.com/news/security/counter-strike-2-html-injection-bug-exposes-players-ip-addresses/

📱 Apple fixed the iPhone’s Flipper Zero problem https://www.theverge.com/2023/12/15/24003406/apple-iphone-flipper-zero-fix-ios-17-2


more, For the Curious

📞 Major Cyber Attack Paralyzes Kyivstar – Ukraine's Largest Telecom Operator https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html

💧 Two-day water outage in remote Irish region caused by pro-Iran hackers https://therecord.media/water-outage-in-ireland-county-mayo

🧓📰 Lazarus Group Using Log4j Exploits Remember Log4j? Still a valuable target. https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html

💽 MongoDB investigates a cyberattack, customer data exposed https://securityaffairs.com/156008/hacking/mongodb-investigate-cyberattack.html

🔐 PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/

🚨 Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks https://securityaffairs.com/155746/security/sophos-backports-cve-2022-3236-patch.html

🔥 New Security Vulnerabilities Uncovered in pfSense Firewall Software https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html

