📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.


For All

🗨️ Webinar: How do I protect myself against identity theft? (German) https://www.watchlist-internet.at/news/webinar-wie-schuetze-ich-mich-vor-identitaetsdiebstahl/

🍼 Nevada sues to deny kids access to Meta's Messenger encryption https://www.theregister.com/2024/02/26/nevada_meta_encryption/

🖨️ Someone is hacking 3D printers to warn owners of a security flaw https://www.bitdefender.com/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw/

📚 AI-generated articles prompt Wikipedia to downgrade CNET’s reliability rating https://arstechnica.com/information-technology/2024/02/wikipedia-downgrades-cnets-reliability-rating-after-ai-generated-articles/

📅 Calendar Meeting Links Used to Spread Mac Malware https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/

🤗 Hugging Face, the GitHub of AI, hosted code that backdoored user devices https://arstechnica.com/security/2024/03/hugging-face-the-github-of-ai-hosted-code-that-backdoored-user-devices/

⚠️ Hacker group demands Bitcoin: extortion emails use the victim's home address as leverage (German) https://www.watchlist-internet.at/news/hacker-gruppe-fordert-bitcoins-erpresserische-e-mails-enthalten-wohnadresse-als-druckmittel/

👣 Act now to stop WordPress and Tumblr selling your content to AI firms https://grahamcluley.com/act-now-to-stop-wordpress-and-tumblr-selling-your-content-to-ai-firms/

🛫 Booking.com refund request? It might be an Agent Tesla malware attack https://grahamcluley.com/booking-com-refund-request-it-might-be-an-agent-tesla-malware-attack/

🚗 Steel giant ThyssenKrupp confirms cyberattack on automotive division https://www.bleepingcomputer.com/news/security/steel-giant-thyssenkrupp-confirms-cyberattack-on-automotive-division/

🔍 Russia wants to automatically monitor millions of social media accounts (German) https://netzpolitik.org/2024/kreml-leaks-russland-will-millionen-accounts-in-sozialen-netzwerken-automatisch-ueberwachen/

🌏 Biden executive order seeks to cut China off from Americans’ sensitive data https://cyberscoop.com/data-broker-executive-order-china/

⛓️ Husqvarna ports Doom to a robot lawnmower – not, thankfully, its chainsaws https://go.theregister.com/feed/www.theregister.com/2024/02/28/husqvarna_doom_robomower_port/

🎪 Police seized Crimemarket, the largest German-speaking cybercrime marketplace https://securityaffairs.com/159813/cyber-crime/germany-police-seized-crimemarket.html


more, For the Curious

🗨️ Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities – some more on I-Soon https://securityaffairs.com/159595/hacking/i-soon-chinese-firm-data-leak.html

🧑‍🏫 CISA cautions against using hacked Ivanti VPN gateways even after factory resets https://www.bleepingcomputer.com/news/security/cisa-cautions-against-using-hacked-ivanti-vpn-gateways-even-after-factory-resets/

🖼️ NIST Cybersecurity Framework 2.0 https://www.nist.gov/cyberframework

🎖️ Advanced Web Penetration Testing Certification – HTB is starting to certify your skills now https://academy.hackthebox.com/preview/certifications/htb-certified-web-exploitation-expert

🏭 Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot https://www.theregister.com/2024/02/27/manufacturing_sector_malware/

🍷 European diplomats targeted by SPIKEDWINE with WINELOADER https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader

🐲 BEAST AI needs just a minute of GPU time to make an LLM fly off the rails https://www.theregister.com/2024/02/28/beast_llm_adversarial_prompt_injection_attack/

📦 GitHub besieged by millions of malicious repositories in ongoing attack https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/

🦟 The Art of Domain Deception: Bifrost's New Tactic to Deceive Users https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/

🚪 Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways – advisory by CISA and partners https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b

🕵️ Predator spyware endures even after widespread exposure, analysis shows https://cyberscoop.com/predator-spyware-endures-after-exposure/

Lockbit takedown Corner – again 🔨 FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. The author even talked to gang leader “lockbitsup” https://krebsonsecurity.com/2024/02/fbis-lockbit-takedown-postponed-a-ticking-time-bomb-in-fulton-county-ga/

🆙 Is the LockBit gang resuming its operation? Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks,... https://securityaffairs.com/159757/cyber-crime/lockbit-gang-resuming-operation.html

🃏 Fulton County, Security Experts Call LockBit’s Bluff https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



For All

🕵️‍♀️ Brussels spyware bombshell: Surveillance software found on officials’ phones https://www.politico.eu/article/parliament-defense-subcommittee-phones-checked-for-spyware/

🚔 Police arrests LockBit ransomware members, release decryptor in global crackdown – The big one this week. https://securityaffairs.com/159360/cyber-crime/operation-cronos-disrupted-lockbit-operation.html https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/

🚓 More details about Operation Cronos that disrupted Lockbit operation https://securityaffairs.com/159388/cyber-crime/operation-cronos-against-lockbit.html

🥵 Reddit signs AI training deal with Google – and why OpenAI's Altman could be the winner https://www.theregister.com/2024/02/22/reddit_google_license_ipo_altman/

👾 Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data https://www.theverge.com/2024/2/22/24080135/avast-security-privacy-software-ftc-fine-data-harvesting

💰 Avast shells out $17M to shoo away claims it peddled people's personal data https://www.theregister.com/2024/02/23/avast_ftc_settlement/

🚪 DoorDash coughs up a few bucks after California accuses it of spreading around customer info https://www.theregister.com/2024/02/22/doordash_ccpa_settlement/

📹 Wyze security incident allowed strangers to see into some users’ homes https://therecord.media/wyze-camera-security-incident-allowed-strangers-to-see-into-homes

🧬 Vietnam to collect biometrics – even DNA – for new ID cards https://www.theregister.com/2024/02/20/vietnam_id_cards_dna/

🗨️ Signal will soon let you share a username instead of your phone number Already available as beta tester https://www.theverge.com/2024/2/20/24078395/signal-username-phone-number-beta

⚖️ Europe's data protection laws cut data storage by making information-wrangling pricier https://www.theregister.com/2024/02/21/gdpr_data_processing_costs/

Fun read corner *(at least for me)* 📤 Thanks FedEx, This is Why we Keep Getting Phished https://www.troyhunt.com/thanks-fedex-this-is-why-we-keep-getting-phished/

👠 The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger – I never thought I was the kind of person to fall for a scam. Long, but amazingly relatable https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html


more, For the Curious

💧 Documents from a Chinese government spyware vendor Anxun leaked to GitHub – THE 2nd BIG ONE for this week. “I-S00N” News articles: https://www.lawfaremedia.org/article/the-i-soon-data-leak-disruption-disruption-everywhere https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/ https://www.theregister.com/2024/02/22/i_soon_china_infosec_leak/ https://cyberscoop.com/isoon-chinese-apt-contractor-leak/ Other sources: https://news.ycombinator.com/item?id=39426379 https://github.com/mttaggart/I-S00N/tree/main/0

🐎 Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach/

🔋 VARTA – Statement, VARTA makes good progress in solving the cyberattack https://www.varta-ag.com/en/about-varta/news/details/varta-makes-good-progress-in-solving-the-cyberattack

💨 Dusting Off Old Fingerprints: NSO Group’s Unknown MMS Hack Missed this one last week. https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/

🚢 Biden signs executive order to give Coast Guard added authority over maritime cyber threats https://cyberscoop.com/biden-executive-order-coast-guard-cyber/

💯 How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity https://blog.talosintelligence.com/how-cvss-4-0-changes-vulnerability-severity/

🪤 The scary DNS “KeyTrap” bug explained in plain words Thank you cert.at for this one. I really struggled to find a good description... https://pducklin.com/2024/02/18/the-scary-dns-keytrap-bug-explained-in-plain-words/

🌩 Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers https://www.securityweek.com/researchers-devise-voltschemer-attacks-targeting-wireless-chargers/

⚔ Two days into the Digital Services Act, EU wields it to deepen TikTok probe https://www.theregister.com/2024/02/20/eu_tiktok_investigation/

🪖 Now the ‘most dangerous time I can remember,’ warns British military’s cyber general https://therecord.media/gen-jim-hockenhull-most-dangerous-time-national-security

🍐 Apple created post-quantum cryptographic protocol PQ3 for iMessage https://securityaffairs.com/159543/security/post-quantum-cryptographic-protocol-pq3.html




For All

👨‍👩‍👧‍👦 One in five children found to engage in illegal activity online https://www.nationalcrimeagency.gov.uk/news/one-in-five-children-found-to-engage-in-illegal-activity-online

📶 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data https://securityaffairs.com/159003/security/public-wi-fi-attacks.html

😨 Quarter of polled Americans say they use AI to make them hotter in online dating https://www.theregister.com/2024/02/12/generative_ai_online_dating_boost/

🛍️ Attackers are spoofing Temu – German! https://www.zdnet.de/88414209/angreifer-spoofen-temu/

👩‍⚖️ Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/

👀 EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme https://www.securityweek.com/eu-watchdog-urged-to-reject-meta-pay-for-privacy-scheme/

♻ Meta says risk of account theft after phone number recycling isn't its problem to solve https://www.theregister.com/2024/02/13/meta_phone_security_number_recycling/

🗳 Global Malicious Activity Targeting Elections is Skyrocketing https://securityaffairs.com/159062/hacking/global-malicious-activity-targeting-elections.html

🤱 Broker sold Planned Parenthood visitor location data to pro-life group, senator says Nothing to hide... https://therecord.media/broker-sold-planned-parenthood-data-wyden

🏥 A ransomware attack took 100 Romanian hospitals down https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html


more, For the Curious

🧩 Rhysida ransomware cracked! Free decryption tool released https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released

🆓 Broadcom terminates VMware's free ESXi hypervisor https://www.theregister.com/2024/02/13/broadcom_ends_free_esxi_vsphere/

💫 Raspberry Robin spotted using two new 1-day LPE exploits https://securityaffairs.com/158969/malware/raspberry-robin-1-day-exploits.html

🐬 Flipper Zero takes to the big screen – Flipper with video output! https://www.theregister.com/2024/02/13/flipper_zero_vgm/

🐞 New critical Microsoft Outlook RCE bug is trivial to exploit https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/

💸 Pennsylvania county pays $350,000 cyberattack ransom https://therecord.media/pennsylvania-county-pays-cyberattack-ransom

🧧 US, Estonia to send confiscated Russian funds to Ukraine. Are ransomware proceeds next? https://therecord.media/us-estonia-sending-confiscated-russian-funds

⚡ Espressif ESP32: Breaking HW AES with Electromagnetic Analysis Glitching your thing https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-electromagnetic-analysis/


CISA Advisory Corner

Ⓜ Microsoft – Actively Exploited! Microsoft Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/microsoft-releases-security-updates-multiple-products

🅰 Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/adobe-releases-security-updates-multiple-products

🅱 BIND 9 – ISC Releases Security Advisories for BIND 9 https://www.cisa.gov/news-events/alerts/2024/02/13/isc-releases-security-advisories-bind-9

🏭 CISA Releases Seventeen Industrial Control Systems Advisories – A lot of Siemens https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-releases-seventeen-industrial-control-systems-advisories

🧱 CISA Adds Two Known Exploited Vulnerabilities to Catalog – Cisco ASA and Exchange https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-adds-two-known-exploited-vulnerabilities-catalog



Highlight 🪥 How to tell if your toothbrush is being used in a DDoS attack https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack Wanna know more? See end of post.

🏙 Fraud: fake letters from the City of Vienna sent out (German) https://wien.orf.at/stories/3243868/


For All

🏴‍☠️ How are user credentials stolen and used by threat actors? https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/

👩‍🏭 Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html

🔲 QR Codes – what's the real risk? https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk

🥸 Fake LastPass password manager spotted on Apple's App Store https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

🕵️‍♀️ Buying Spying: How the commercial surveillance industry works and what can be done about it Wanna know more? Full report by Google further down https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

🧹 Mozilla’s new service tries to wipe your data off the web https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests

🏷 Meta announcement: Labeling AI-Generated Images on Facebook, Instagram and Threads https://about.fb.com/news/2024/02/labeling-ai-generated-images-on-facebook-instagram-and-threads/

🌆 How to Protect Your Social Media Accounts – Good tips. You can skip the score... https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-your-social-media-accounts/

👑 Want to watch porn in Britain? Get your passport ready https://www.politico.eu/article/the-great-british-porn-block-is-back/


more, For the Curious

👨‍🔧 OT Maintenance Is Primary Source of OT Security Incidents: Report https://www.securityweek.com/ot-maintenance-is-primary-source-of-ot-security-incidents-report/

🔨 mlcsec/proctools: Small toolkit for extracting information and dumping sensitive strings from Windows processes https://github.com/mlcsec/proctools

🚘 How I Also Hacked my Car https://goncalomb.com/blog/2024/01/30/f57cf19b-how-i-also-hacked-my-car

🧾 Full Report by Google – Buying Spying Insights into Commercial Surveillance Vendors https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf

🔓 VIDEO: Breaking Bitlocker – Bypassing the Windows Disk Encryption (by stacksmashing) https://www.youtube.com/watch?v=wTl4vEednkQ

🩲 The Real Shim Shady – How CVE-2023-40547 Impacts Most Linux Systems https://eclypsium.com/blog/the-real-shim-shady-how-cve-2023-40547-impacts-most-linux-systems/

📡 CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom

📵 Taking Apart an Android SMS Stealer https://vaktibabat.github.io/posts/Android_SMS_Stealer/

💫 Combining Cybersecurity Frameworks: An Alternative to Incident Reporting https://medium.com/@s.lontzetidis/combining-cybersecurity-frameworks-an-alternative-to-incident-reporting-9d642d9a5456

Doubt corner – don't believe everything! 📹 Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ !! Doubtful story. The source article seems to be this one from scmp.com. https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html

🦷 3 million smart toothbrushes were just used in a DDoS attack. Really? !! ⚠ NOT true!! See @GossiTheDog@cyberplace.social and Forbes https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really/



Highlight ☝️ Fingerprint sensor: daughter can unlock Google Pixel 8 (German) TL;DR in English: enrolling the same finger twice leads to more collisions https://www.kuketz-blog.de/fingerabdruck-sensor-tochter-kann-google-pixel-8-entsperren/


For All

📳 How to stop location tracking on your Android phone (mostly) https://www.theverge.com/21401280/android-location-tracking-history-stop-how-to

🧢 Fake Bill Ackman and Jim Cramer Instagram Ads are Trying to Take My Money https://www.404media.co/fake-bill-ackman-and-jim-cramer-instagram-ads-are-trying-to-take-my-money/

🫥 Rise of deepfake threats means biometric security measures won't be enough https://www.theregister.com/2024/02/01/deepfake_threat_biometrics/

🕵️‍♂️ NSA Buying Bulk Surveillance Data on Americans without a Warrant https://www.schneier.com/blog/archives/2024/01/nsa-buying-bulk-surveillance-data-on-americans-without-a-warrant.html

🚘 A mishandled GitHub token exposed Mercedes-Benz source code https://www.bleepingcomputer.com/news/security/a-mishandled-github-token-exposed-mercedes-benz-source-code/

🏠 How you get ripped off when looking for an apartment (German) https://www.watchlist-internet.at/news/so-werden-sie-bei-der-wohnungssuche-abgezockt/

🥸 Spyware Targets Human Rights Watch Staff in Jordan https://www.hrw.org/news/2024/02/01/spyware-targets-human-rights-watch-staff-jordan


more, For the Curious

🐧 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

📃 CISA adds multiple new KEV entries. These are two of them. Apple – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog Ivanti – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog-0

👮 Exclusive: US disabled Chinese hacking network targeting critical infrastructure https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/

🦃 Cloudflare Blog – Thanksgiving 2023 security incident https://blog.cloudflare.com/thanksgiving-2023-security-incident

💾 The Data Breach “Personal Stash” Ecosystem https://www.troyhunt.com/the-data-breach-personal-stash-ecosystem/

📄 Südwestfalen-IT: forensic report on the ransomware attack – This is how to handle an incident! (German) https://forumwk.de/2024/01/25/suedwestfalen-it-forensik-bericht-mit-erkenntnissen-zu-ransomware-angriff/

🖨️ A Practical Guide to PrintNightmare in 2024 https://itm4n.github.io/printnightmare-exploitation/

🐘 Critical Mastodon Vulnerability – Update now https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

🍯 There Are Too Many Damn Honeypots https://vulncheck.com/blog/too-many-honeypots

Ivanti Corner 🚧 New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways Ivanti gets bigger and bigger... https://www.cisa.gov/news-events/alerts/2024/01/30/new-mitigations-defend-against-exploitation-ivanti-connect-secure-and-policy-secure-gateways

🚫 Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities Oh, wow. CISA Orders to “...disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.” https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure

AnyDesk Corner 🛂 AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

🛂 AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials https://securityonline.info/anydesk-breach-2024-dark-web-sale-of-18317-credentials/




For All

❌ AI Bots on X (Twitter) Neat hack to identify AI bots. https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

🔍 Using Google Search to Find Software Can Be Risky https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

📜 Testing TLS and Certificates Ever wondered what these “certificates” are good for? https://www.blackhillsinfosec.com/testing-tls-and-certificates/

🍏 Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

🧬 Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months https://go.theregister.com/feed/www.theregister.com/2024/01/26/23_and_me_breach_filing/

🪡 Trolls have flooded X with graphic Taylor Swift AI fakes https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

🐻 Russia social media outage likely caused by state internet regulator https://therecord.media/russia-social-media-outages-roskomnadzor

🐽 These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy/

🕵️ The NSA Buys Web Browsing Data Without A Warrant, Letter Shows https://packetstormsecurity.com/news/view/35451/The-NSA-Buys-Web-Browsing-Data-Without-A-Warrant-Letter-Shows.html

👩‍⚖️ French regulators levy €32 million fine against Amazon for surveilling employees https://therecord.media/french-regulators-levy-fine-against-amazon-for-monitoring-practices


more, For the Curious

🚘 Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive https://www.securityweek.com/hackers-earn-1-3m-for-tesla-ev-charger-infotainment-exploits-at-pwn2own-automotive/

📄 CISA Adds CVE-2024-23222 to Known Exploited Vulnerability Catalog https://www.cisa.gov/news-events/alerts/2024/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

🪖 How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/

🤵 Jenkins Security Advisory 2024-01-24 – CVE-2024-23897 https://www.jenkins.io/security/advisory/2024-01-24/ https://github.com/gquere/pwn_jenkins/blob/master/README.md

Ⓜ️ Microsoft explains how Russian hackers spied on its executives https://www.theverge.com/2024/1/26/24051708/microsoft-hack-russian-security-attack-senior-leadership-emails

🦮 Guidance on Assembling a Group of Products SBOM? SBOM! https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products

🍘 Building a Password Cracker https://www.sevnx.com/blog/post/building-a-password-cracker

🧠 The near-term impact of AI on the cyber threat https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat



Highlights 🪧 IT-KV: negotiations interrupted again – demonstration on 24 January (German) I know. It's not much security and just a little cyber https://www.gpa.at/kollektivvertrag/information-und-consulting/informationstechnologie/2024/it-kv-sechste-runde

🚨 Watch out for “I can't believe he is gone” Facebook phishing posts https://www.bleepingcomputer.com/news/security/watch-out-for-i-cant-believe-he-is-gone-facebook-phishing-posts/


For All

👻 Beware of crypto scams lying on the streets of Vienna (German) https://www.derstandard.at/story/3000000203274/vorsicht-vor-kryptoscams-die-in-wien-auf-der-strasse-liegen

🏢 Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers Official blog post in second link https://www.theverge.com/2024/1/19/24044561/microsoft-senior-leadership-emails-hack-russian-security-attack https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

😾 Meta won't remove fake Instagram profiles used for obvious catfishing https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-used-for-obvious-catfishing/

📴 GrapheneOS: Frequent Android auto-reboots block firmware exploits https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/

🍎 A reboot a day can keep the ******** away https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/

📘 Each Facebook User is Monitored by Thousands of Companies !!!!! !!!!!! https://themarkup.org/privacy/2024/01/17/each-facebook-user-is-monitored-by-thousands-of-companies-study-indicates

👨‍⚖️ IT expert convicted for using access software (German) https://www.golem.de/news/modern-solution-it-experte-wegen-nutzung-einer-zugriffssoftware-verurteilt-2401-181296.html

👩‍⚖️ FTC settles second case with geolocation data broker in two weeks https://therecord.media/ftc-settles-data-broker-case-geolocation

🥟 Researcher uncovers one of the biggest password dumps in recent history For more info, see the very last entry of this week 😉 https://arstechnica.com/?p=1996879

⛺ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

📻 Amazon plans to charge for Alexa in June—unless internal conflict delays revamp https://arstechnica.com/gadgets/2024/01/alexa-is-in-trouble-paid-for-alexa-gives-inaccurate-answers-in-early-demos/ |sarcasm on| Amazon being like: if you are dumb enough to put a listening spy device in your home, you are also dumb enough to pay monthly for it. (Sorry, but this is just borderline idiotic to me.)

🗣 OpenVoice: Versatile Instant Voice Cloning https://research.myshell.ai/open-voice

🏭 Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game https://securityonline.info/researcher-details-critical-buffer-overflow-vulnerability-in-popular-factorio-game/

🏛 Unseen images of code breaking computer that helped win WW2 Not news, but soooo cool https://www.bbc.com/news/technology-67997406


more, For the Curious

🔮 EasyEASM – Zero-dollar Attack Surface Management Tool https://www.kitploit.com/2024/01/easyeasm-zero-dollar-attack-surface.html

🗡️ BobTheSmuggler: Your Covert Cyber Swiss Knife for Undetectable Payload Delivery https://medium.com/@TheCyb3rAlpha/bobthesmuggler-your-covert-cyber-swiss-knife-for-undetectable-payload-delivery-bc84f3037522

Ⓜ️ Microsoft Teams Covert Channels Research https://blog.compass-security.com/2024/01/microsoft-teams-covert-channels-research/

👷Is Hardware-Glitching your Thing? 1 https://sec-consult.com/blog/detail/secglitcher-part-1-reproducible-voltage-glitching-on-stm32-microcontrollers/ 2 https://www.synacktiv.com/en/publications/how-to-voltage-fault-injection

💽 CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service https://www.thezdi.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

📃 CISA added the current Ivanti vulnerability to their KEV list – I kind of avoided mentioning the big one. I guess it had to happen. https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog

💦 CISA, FBI and EPA release an Incident Response Guide for the WWS Sector – There are some cool resources in there, if you dare to shave the yak. https://www.cisa.gov/news-events/alerts/2024/01/18/incident-response-guide-wws-sector

📨 Stealing your email with a .txt file https://blog.strikeready.com/blog/stealing-your-email-with-a-.txt-file/

🚪 Inside the Massive Naz.API Credential Stuffing List https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/




For All

💸 Bitcoin price jumps after hackers hijack SEC Twitter account https://cyberscoop.com/sec-bitcoin-etf-gensler/

🐺 Deepfaked Celebrity Ads Promoting Medicare Scams Run Rampant on YouTube https://www.404media.co/joe-rogan-taylor-swift-andrew-tate-ai-deepfake-youtube-medicare-ads/

📘 Do You Suddenly Need To Delete Your Facebook App? a little long – FB's “new” feature Link History is getting some attention. https://www.forbes.com/sites/zakdoffman/2024/01/08/serious-new-facebook-warning-for-apple-iphone-and-google-android-users/

🚸 Under pressure, Meta says it will change how it delivers some content to children https://therecord.media/meta-to-change-content-minors

🍔 Burger King Giving Discounts If Facial Recognition Thinks You're Hungover for me this is between cringe and crazy 😵‍💫 https://gizmodo.com/burger-king-giving-discounts-if-facial-recognition-thin-1851124496

🚢 Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages I missed this one last week! https://securityaffairs.com/156994/laws-and-regulations/merck-settles-notpetya-insurance.html

🔐 2 new “smart locks” for 🤨 and ✋ Why is this a good idea?😨 https://www.theverge.com/2024/1/8/24025150/lockly-visage-facial-recognition-smart-lock-matter-home-key https://www.theverge.com/2024/1/8/24025616/philips-door-lock-palm-recognition-smart-deadbolt-ces

🔧 Vulnerabilities found in high-power Bosch wrenches popular with carmakers Network connected wrenches!?!?! 🤯 https://therecord.media/bosch-rexroth-pneumatic-wrenches-vulnerabilities-disclosed

👩‍⚖️ FTC settles unprecedented case against geolocation data broker https://therecord.media/ftc-settles-case-geolocation-data-broker-xmode-outlogic


more, For the Curious

🐀 Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

👴 Age-old problems to sharing cyber threat info remain, IG report finds https://cyberscoop.com/cyber-threat-sharing-report-odni/

🐟 Inside a $20 Million Coinbase Phishing Ring https://www.404media.co/inside-a-20-million-coinbase-phishing-ring/

🖨️ Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks – source https://www.reuters.com/markets/deals/hewlett-packard-enterprise-nears-13-bln-deal-buy-juniper-networks-wsj-2024-01-08/

Bugs and CVEs

🧫 GitLab fixed a critical zero-click account hijacking flaw zero-click! update if you use it!! https://securityaffairs.com/157389/security/gitlab-zero-click-account-hijacking-flaw.html

🛅 CVE-2023-46647 Improper privilege management in all versions of GitHub Enterprise Server https://nvd.nist.gov/vuln/detail/CVE-2023-46647

🆕 new CISA Known Exploited Vulnerabilities: Adobe, Apple, D-Link and Joomla https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog SharePoint https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog



Currently in Austria

🅰️ Mass phishing emails in the name of A1 in circulation https://www.watchlist-internet.at/news/sofortiges-handeln-erforderlich-massenhaft-phishing-mails-im-namen-von-a1-im-umlauf/


For All

🤦 A “ridiculously weak” password causes disaster for Spain's No. 2 mobile carrier https://arstechnica.com/?p=1993801

🥸 Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html

🎄 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html

📠 After ransomware claims, Xerox says subsidiary hit with cyberattack https://therecord.media/xerox-xbs-cyberattack

🥷 Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

🧑‍⚖️ Court hearings become ransomware concern after justice system breach https://go.theregister.com/feed/www.theregister.com/2024/01/02/victoria_court_system_breach/

🐻 Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html


more, For the Curious

📌 Nearly 11 million SSH servers vulnerable to new Terrapin attacks https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

🔃 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html

📇 CISA Adds Two Known Exploited Vulnerabilities to Catalog These are for Excel and Chrome. Fixes exist! Update! https://www.cisa.gov/news-events/alerts/2024/01/02/cisa-adds-two-known-exploited-vulnerabilities-catalog

🍏 4-year campaign backdoored iPhones using possibly the most advanced exploit ever https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature

🛫 Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion https://www.darkreading.com/ics-ot-security/airbus-acquire-atos-cybersecurity-unit-2-billion



For All

🎧 Spotify music converter TuneFab puts users at risk https://securityaffairs.com/156659/security/spotify-music-converter-tunefab-data-leak.html

⬛ New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 and earlier this month https://www.databreaches.net/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files-encrypted-between-november-2022-earlier-this-month/

Games

🎮 Game mod on Steam breached to push password-stealing malware https://www.bleepingcomputer.com/news/security/game-mod-on-steam-breached-to-push-password-stealing-malware/

🎮 GTA 5 source code reportedly leaked online a year after RockStar hack https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/

Health

💊 Australia: St Vincent's unable to confirm if medical records stolen Comment: No logs → no visibility → no clue https://www.databreaches.net/au-st-vincents-unable-to-confirm-if-medical-records-stolen/

🏥 Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/

🏥 Hospitals ask courts to force cloud storage firm to return stolen data https://www.bleepingcomputer.com/news/security/hospitals-ask-courts-to-force-cloud-storage-firm-to-return-stolen-data/

more, For the Curious

🚨 SSH ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/

🐍 New Version of Meduza Stealer Released in Dark Web https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html

🍎 Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html

📧 SMTP Smuggling a little older but popped up because of #37c3 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

