📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights.

The short summaries are AI generated! If something is wrong, please let me know!


News For All

⚠️ Google's new AI search results promotes sites pushing malware, scams warning https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/

👧 Florida enacts tough social media law barring children under 14 from holding accounts privacy – Florida law bars children under 14 from social media accounts, requires consent for 14-15 year olds, and mandates age verification for explicit sites. Critics argue privacy violations and censorship issues. https://therecord.media/florida-enacts-social-media-law-bars-minors

🍏 “MFA Fatigue” attack targets iPhone owners with endless password reset prompts cybercrime – Victims, overwhelmed by prompts, might unintentionally grant access or accidentally allow attackers in. https://arstechnica.com/security/2024/03/mfa-fatigue-attack-targets-iphone-owners-with-endless-password-reset-prompts/

📈 Meta allegedly snooped on Snapchat via traffic decryption privacy – Meta allegedly using Onavo to intercept Snapchat data for commercial gain. Meta's actions included intercepting SSL traffic. https://www.theregister.com/2024/03/27/meta_snapchat_data/

☎️ Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs privacy – Telegram offers free premium subscription to users in exchange for allowing their phone numbers to be used to send OTPs. https://thehackernews.com/2024/03/telegram-offers-premium-subscription-in.html

🤖 Navigating the Challenges and Opportunities of Synthetic Voices security research – OpenAI shares insights into small-scale preview of Voice Engine, highlighting potential risks. https://openai.com/blog/navigating-the-challenges-and-opportunities-of-synthetic-voices

⚖️ 25 years for Sam Bankman-Fried cybercrime – Sam Bankman-Fried sentenced to 25 years in prison and $11 billion judgment for crimes related to FTX. https://www.citationneeded.news/sam-bankman-fried-sentenced/

⚛️ Sellafield nuclear waste dump faces prosecution over cybersecurity failures security news – Sellafield nuclear waste dump faces legal action over cybersecurity breaches, potential espionage and disruptive attacks. https://www.bitdefender.com/blog/hotforsecurity/sellafield-nuclear-waste-dump-faces-prosecution-over-cybersecurity-failures/

APT31 put in a corner?

🏬 Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov cybercrime https://arstechnica.com/security/2024/03/justice-department-indicts-7-accused-in-14-year-hack-campaign-by-chinese-gov/

🌐 UK, New Zealand Accuse China of Cyberattacks on Government Entities cybercrime – Chinese hacktivist groups like APT31 are accused of spying. The countries have taken action by imposing sanctions on Chinese entities. https://www.securityweek.com/uk-new-zealand-accuse-china-of-cyberattacks-on-government-entities/

⛩️ Finland confirms APT31 hackers behind 2021 parliament breach cybercrime https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/


Some More, For the Curious

⛓️💣 xz supply chain corner 💣⛓️ this is THE BIG ONE this week. When Linux distros tell you to stop using their product, something is wrong...

advisories: https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

timeline: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

need to know: https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/

summary in a pic: https://infosec.exchange/@fr0gger/112189232773640259

all you can find in one link: https://shellsharks.com/xz-compromise-link-roundup

🔒 Shostack + Friends Blog > The NVD Crisis security news – The National Vulnerability Database (NVD) is struggling and not issuing CVSS information to CVEs, causing concern for patch management. Recommendations include embracing cloud-native practices and automation to streamline patch deployment. https://shostack.org/blog/the-nvd-crisis/

🔍 CPE Enrichment in VulnCheck NVD++ security news – NIST NVD faces delay in CVE analysis, VulnCheck launches NVD++ for community accessibility. https://vulncheck.com/blog/nvd-cpe

0️⃣ We’re All in this Together – A Year in Review of Zero-Days Exploited In-the-Wild in 2023 security research – Google Threat Analysis Group https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf

🥸 Spyware and zero-day exploits increasingly go hand-in-hand, researchers find security research – Commercial spyware firms exploit 64% of zero-day mobile and browser vulnerabilities, targeting end-user devices for surveillance. https://cyberscoop.com/spyware-zero-days-2023/

⚙️ ZenHammer: Rowhammer Attacks on AMD Zen security research – bit flips https://comsec.ethz.ch/research/dram/zenhammer/

🎣 Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit security research – Sekoia uncovers Tycoon 2FA phishing kit, monitors infrastructure, and analyzes in-depth changes. https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/

🔒 Double trouble for DNSSEC though the devil is in the details vulnerability – Two DNSSEC vulnerabilities are disclosed, KeyTrap and NSEC3-encloser, with KeyTrap posing a greater threat. Concerns are raised about MITRE's assessment of the severity of the vulnerabilities. https://www.theregister.com/2024/03/26/software_risk_scores/

⚙️ Local Privilege Escalating my way to root through Apple macOS filesystems hacking writeup – CVE-2023-42931 in macOS involving filesystem mount options allows users to potentially escalate to root. https://www.alter-solutions.fr/blog/local-privilege-escalating-my-way-to-root-throught-apple-macos-filesystems

🚘 Zero days demonstrated at Pwn2Own 2024 security news – Google and Mozilla addressed zero-days discovered during Pwn2Own Vancouver 2024. https://securityaffairs.com/161151/security/google-chrome-zero-days-pwn2own-2024.html

🌑 The Darkside of TheMoon security research – Black Lotus Labs at Lumen Technologies discovered a multi-year campaign targeting end-of-life routers and IoT devices using an updated version of TheMoon malware. https://blog.lumen.com/the-darkside-of-themoon/

🔐 Cisco warns of password-spraying attacks targeting Secure Firewall devices warning https://securityaffairs.com/161205/hacking/cisco-warns-password-spraying-attacks.html

💰 Rewards for Justice – Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure cybercrime – Up to $10 million reward for info on ALPHV BlackCat ransomware targeting U.S. infrastructure https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-alphv-blackcat-linked-cyber-actors-targeting-u-s-critical-infrastructure/

⚠️ CISA Corner

SharePoint, Ivanti, Fortinet – Update your s***! https://www.cisa.gov/news-events/alerts/2024/03/26/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/03/25/cisa-adds-three-known-exploited-vulnerabilities-catalog

Safari & macOS https://www.cisa.gov/news-events/alerts/2024/03/27/apple-released-security-updates-safari-and-macos

Cisco IOS and Access Points https://www.cisa.gov/news-events/alerts/2024/03/28/cisco-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.


‼️ New feature warning – AI generated mini summaries ‼️ Some of you reached out with feedback and asked for summaries of the articles. Well, I don't want to spend my own time on this, but ChatGPT should be quite good at this. So, I decided to script myself a little Python thingy and you now get AI generated single line summaries and categorizations (which nearly double the length of a single post). This is a “work in progress” feature. I would appreciate feedback, and please let me know if anything is off or I missed grave errors.


Highlight

🤾‍♀️ Esports league postponed after players hacked midgame hacking news https://techcrunch.com/2024/03/18/esports-league-postponed-after-players-hacked-midgame/ https://www.theverge.com/2024/3/18/24104666/apex-legends-postpones-algs-competition-hack-concerns


For All

🤕 Meta to shutter key disinformation tracking tool before 2024 election warning – Meta's closure of CrowdTangle tool sparks criticism as groups fear impeded disinformation monitoring ahead of elections. https://therecord.media/meta-to-shutter-crowdtangle-disinformation-tracking-tool-before-election

🐬 FlipperZero – Our Response to the Canadian Government https://blog.flipper.net/response-to-canadian-government/

💸 Crypto scams more costly to US than ransomware, Feds say cybercrime – Investment fraud led to $4.57 billion losses in 2023, surpassing ransomware costs. https://www.theregister.com/2024/03/19/crypto_scams_cost/

🦐 How Spammers, Scammers and Creators Leverage AI-Generated Images on Facebook for Audience Growth cybercrime – Researchers analyze how spammers leverage AI-generated images, such as Shrimp Jesus, on Facebook for audience growth. https://cyber.fsi.stanford.edu/io/news/ai-spam-accounts-build-followers

🥸 Warning Against Infostealer Disguised as Installer malware – StealC malware disguised as installer distributed in mass, extorting various data through multiple redirections. https://asec.ahnlab.com/en/63308/

🔓 Email accounts of International Monetary Fund compromised data breach – 11 accounts breached, incident under investigation. https://securityaffairs.com/160641/hacking/international-monetary-fund-email-compromise.html

🍊 Remove WordPress miniOrange plugins, a critical flaw can allow site takeover vulnerability – Uninstall miniOrange plugins; critical privilege escalation flaw enabling site takeover. https://securityaffairs.com/160674/hacking/remove-wordpress-miniorange-plugins.html

🎎 Fujitsu hack raises questions, after firm confirms customer data breach data breach – Fujitsu warns of potential customer data theft due to malware, lacking details, and uncertain impact. https://grahamcluley.com/fujitsu-hack-raises-questions-after-firm-confirms-customer-data-breach/

🤖 FTC investigating Reddit plan to sell user content for AI model training privacy – Reddit's plan to sell user content for AI training sparks privacy concerns. https://therecord.media/ftc-investigating-reddit-selling-user-data-ai

🛑 Russians will no longer be able to access Microsoft cloud services, business intelligence tools general news – Microsoft will suspend access to cloud services for Russian users due to European sanctions post-invasion of Ukraine. https://therecord.media/russians-losing-access-microsoft-cloud-amazon

🩻 Here's why Twitter sends you to a different site than what you clicked security research – Twitter link previews can redirect to different websites; security flaw abused by scammers and threat actors. https://www.bleepingcomputer.com/news/security/heres-why-twitter-sends-you-to-a-different-site-than-what-you-clicked/

💧 Mozilla Drops Onerep After CEO Admits to Running People-Search Networks privacy – Mozilla ends partnership with Onerep after CEO's admission of founding numerous people-search services. https://krebsonsecurity.com/2024/03/mozilla-drops-onerep-after-ceo-admits-to-running-people-search-networks/

🌐 Nemesis darknet marketplace raided in Germany-led operation cybercrime https://therecord.media/nemesis-cybercrime-market-takedown-germany


more, For the Curious

📦 Opening Pandora's box – Supply Chain Insider Threats in Open Source projects vulnerability – Open Source projects face supply chain insider threat risks, demonstrated through a responsible disclosure of an RCE vulnerability in AWS. https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects

⛴️ Acoustic Side Channel Attack on Keyboards Based on Typing Patterns security research https://arxiv.org/pdf/2403.08740.pdf

👻 Shielding Networks From Androxgh0st malware – AndroxGh0st targets Laravel apps; abuses multiple CVEs for data extraction and RCE. https://blogs.juniper.net/en-us/security/shielding-networks-against-androxgh0st

📄 Final report – Security Incident: Südwestfalen-IT (in German) https://notfallseite.sit.nrw/fileadmin/user_upload/SIT_Incident_Response_v1.1.pdf

🦜 VIDEO by PirateSoftware: Apex Legends Vulnerabilities – Investigation and Wrap Up hacking news https://www.youtube.com/watch?v=jHf6dkgXfVg

🗝️ Microsoft announces deprecation of 1024-bit RSA keys in Windows https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-deprecation-of-1024-bit-rsa-keys-in-windows/

⛈️ AcidRain | A Modem Wiper Rains Down on Europe malware – AcidRain wiper attack in Ukraine and Germany linked to Russian invasion, using a new ELF MIPS malware wiping modems and routers. https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/

🤏 We’re closer to a cybersecurity standard for smart home devices general news – CSA introduces IoT Device Security Specification and certification to ensure secure smart home devices globally. https://www.theverge.com/2024/3/18/24104906/csa-iot-device-security-specification-product-security-verification-mark

💔 Inside the Massive Alleged AT&T Data Breach data breach – 70 million AT&T records, including SSNs and DOBs, leaked on a public forum. https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/

⚡ CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity warning – CISA and partners issue warning on PRC-sponsored Volt Typhoon cyber threat targeting U.S. critical infrastructure. https://www.cisa.gov/news-events/alerts/2024/03/19/cisa-and-partners-release-joint-fact-sheet-leaders-prc-sponsored-volt-typhoon-cyber-activity

🤨 Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry vulnerability https://www.cisa.gov/news-events/alerts/2024/03/21/ivanti-releases-security-updates-neurons-itsm-and-standalone-sentry

🍏 Unpatchable vulnerability in Apple chip leaks secret encryption keys vulnerability – Apple chip vulnerability leaks encryption keys due to the prefetcher's confusion over memory content. https://arstechnica.com/security/2024/03/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips/

⚠️ Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days hacking news https://securityaffairs.com/160901/hacking/pwn2own-vancouver-2024-final-result.html

🦥 NVD slowdown leaves thousands of vulnerabilities without analysis data vulnerability – NVD stopped updating vulnerabilities analysis, leading to thousands of unanalyzed CVEs, affecting security tools and vulnerability management. https://www.theregister.com/2024/03/22/opinion_column_nist/



Highlights

🚸 Hackers are targeting a surprising group of people: young public school students Don't be afraid, but please be aware https://www.npr.org/2024/03/12/1237497833/students-schools-cybersecurity-hackers-credit

🔑 Open Source Password Managers: Overview, Pros & Cons Use a password manager! Please!!! https://www.techrepublic.com/article/open-source-password-manager/


For All

💁‍♀️ Microsoft says Windows 10 21H2 support is ending in June https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-10-21h2-support-is-ending-in-june/

✂ CISA forced to take two systems offline last month after Ivanti compromise https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise

🎭 CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-company-onerep-com-founded-dozens-of-people-search-firms/

🎦 Airbnb is banning indoor security cameras https://www.theverge.com/2024/3/11/24097107/airbnb-indoor-security-camera-ban

📷 Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries https://www.tomshardware.com/networking/wi-fi-jamming-to-knock-out-cameras-suspected-in-nine-minnesota-burglaries-smart-security-systems-vulnerable-as-tech-becomes-cheaper-and-easier-to-acquire

↔️ How to share sensitive files securely online https://www.welivesecurity.com/en/how-to/share-sensitive-files-securely-online/

🎨 ASCII art elicits harmful responses from 5 major AI chatbots https://arstechnica.com/security/2024/03/researchers-use-ascii-art-to-elicit-harmful-responses-from-5-major-ai-chatbots/

👃 Hackers can read private AI-assistant chats even though they’re encrypted TL;DR sniffing traffic can be enough https://arstechnica.com/security/2024/03/hackers-can-read-private-ai-assistant-chats-even-though-theyre-encrypted/

👨‍🦯 British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? https://therecord.media/uk-authorities-have-never-detected-ransomware-payment-sanction-violation

Incognito Corner My big one this week. Bad guys acting like bad guys. What a surprise!

💣 Incognito Market: The not-so-secure dark web drug marketplace https://grahamcluley.com/incognito-market-the-not-so-secure-dark-web-drug-marketplace/

♟ Incognito Darknet Market Mass-Extorts Buyers, Sellers https://krebsonsecurity.com/2024/03/incognito-darknet-market-mass-extorts-buyers-sellers/

💰 Millions in BTC, XMR possibly stolen after reports of darknet market ‘exit scam’ https://cointelegraph.com/news/bitcoin-monero-reportedly-stolen-darknet-market-exit-scam


more, For the Curious

⏱ Risky Biz News: NIST NVD stopped enriching CVEs a month ago Recommending the main story of this weekly news summary https://news.risky.biz/risky-biz-news-nist-nvd-stopped-enriching-cves-last-month/

👩‍✈️ Microsoft’s Security Copilot Enters General Availability Scaaary! 😱 https://www.techrepublic.com/article/microsoft-security-copilot-experience-center/

🧆 Misconfiguration Manager – knowledge base for Microsoft Configuration Manager tradecraft and hardening guidance https://github.com/subat0mik/Misconfiguration-Manager

🧹 Using ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th) https://isc.sans.edu/diary/rss/30740

🎡 What a Cluster: Local Volumes Vulnerability in Kubernetes CVE-2023-5528 writeup https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

🦜 PixPirate: The Brazilian financial malware you can’t see https://securityintelligence.com/posts/pixpirate-brazilian-financial-malware/

🧞 Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

👨‍⚖️ On the new Dutch Intelligence and Security Law https://berthub.eu/articles/posts/dutch-intelligence-and-security-law/

👻 GhostRace – Exploiting and Mitigating Speculative Race Conditions https://www.vusec.net/projects/ghostrace/

💹 RisePro stealer targets Github users in “gitgub” campaign https://www.gdatasoftware.com/blog/2024/03/37885-risepro-stealer-campaign-github

🤪 Real-time, privacy-preserving URL protection https://security.googleblog.com/2024/03/blog-post.html

🧦 The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions https://blog.talosintelligence.com/ransomware-affiliate-model/

🧵 The 2024 Sophos Threat Report: Cybercrime on Main Street https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report

💼 Beware of the Messengers, Exploiting ActiveMQ Vulnerability Good read if you want to know a little more about “ActiveMQ” https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability

⚙ AUTOATTACKER: A Large Language Model Guided System to Implement Automatic Cyber-attacks https://arxiv.org/pdf/2403.01038.pdf



Highlights

✖️ The new X calling feature can hurt your privacy https://techcrunch.com/2024/03/04/elon-musk-x-twitter-calling-privacy-switch-off/

⚠️ IP address X-posure now a feature on Musk's social media thing https://www.theregister.com/2024/03/05/ip_address_xposure_now_a/

🧠 Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now JetBrains TeamCity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/


For All

🐄 Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC https://www.bleepingcomputer.com/news/security/content-farm-impersonates-60-plus-major-news-outlets-like-bbc-cnn-cnbc/

🐕 PetSmart warns of credential stuffing attacks trying to hack accounts Smart reaction! https://www.bleepingcomputer.com/news/security/petsmart-warns-of-credential-stuffing-attacks-trying-to-hack-accounts/

🦁 Predator spyware infrastructure taken down after exposure https://cyberscoop.com/predator-spyware-infrastructure-taken-down/

🎠 Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users https://www.malwarebytes.com/blog/news/2024/03/pegasus-spyware-creator-ordered-to-reveal-code-used-to-spy-on-whatsapp-users

📳 Surveillance through Push Notifications https://www.schneier.com/blog/archives/2024/03/surveillance-through-push-notifications.html

🫨 Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say https://www.wired.com/story/meta-hacked-users-draining-resources/

🍎 About the security content of iOS 17.4 and iPadOS 17.4 https://support.apple.com/en-us/HT214081

🖥️ VMware Releases Security Advisory for Multiple Products https://www.cisa.gov/news-events/alerts/2024/03/06/vmware-releases-security-advisory-multiple-products

❄️ Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

Change Healthcare/Alphv Corner Choose your source – this is the big one at the moment

🐈‍⬛ Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/

❤️‍🩹 BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare https://krebsonsecurity.com/2024/03/blackcat-ransomware-group-implodes-after-apparent-22m-ransom-payment-by-change-healthcare/

↘️ BlackCat ransomware shuts down in exit scam, blames the “feds” https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/

🥷 Ransomware group behind Change Healthcare attack goes dark https://cyberscoop.com/ransomware-group-behind-change-healthcare-attack-goes-dark/

🏟️ After collecting $22 million, AlphV ransomware group stages FBI takedown https://arstechnica.com/security/2024/03/alphv-ransomware-site-claims-it-was-seized-by-fbi-researchers-suspect-22m-scam/


more, For the Curious

🪲 Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices https://securityaffairs.com/160224/hacking/fortios-bug-cve-2024-21762-150k-devices.html

🗨️ Stealthy GTPDOOR Linux malware targets mobile operator networks I missed this one last week https://www.bleepingcomputer.com/news/security/stealthy-gtpdoor-linux-malware-targets-mobile-operator-networks/

⌛ Hackers exploited Windows 0-day for 6 months after Microsoft knew of it https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/

🧢 Living off the land with native SSH and split tunnelling https://www.pentestpartners.com/security-blog/living-off-the-land-with-native-ssh-and-split-tunnelling/

♣️ Delving into Dalvik: A Look Into DEX Files https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files

🦅 CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-and-nsa-release-cybersecurity-information-sheets-cloud-security-best-practices

👐 CISA Announces New Efforts to Help Secure Open Source Ecosystem https://www.cisa.gov/news-events/news/cisa-announces-new-efforts-help-secure-open-source-ecosystem

🐚 Does Confluence Dream of Shells? https://vulncheck.com/blog/confluence-dreams-of-shells

🧲 Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

📚 LEARNING LESSONS FROM THE CYBER-ATTACK “overview of the cyber-attack on the British Library that took place in October 2023” – 18 Pages worth the read https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf



An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.


For All

🗨️ Webinar: How do I protect myself from identity theft? (in German) https://www.watchlist-internet.at/news/webinar-wie-schuetze-ich-mich-vor-identitaetsdiebstahl/

🍼 Nevada sues to deny kids access to Meta's Messenger encryption https://www.theregister.com/2024/02/26/nevada_meta_encryption/

🖨️ Someone is hacking 3D printers to warn owners of a security flaw https://www.bitdefender.com/blog/hotforsecurity/someone-is-hacking-3d-printers-to-warn-owners-of-a-security-flaw/

📚 AI-generated articles prompt Wikipedia to downgrade CNET’s reliability rating https://arstechnica.com/information-technology/2024/02/wikipedia-downgrades-cnets-reliability-rating-after-ai-generated-articles/

📅 Calendar Meeting Links Used to Spread Mac Malware https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/

🤗 Hugging Face, the GitHub of AI, hosted code that backdoored user devices https://arstechnica.com/security/2024/03/hugging-face-the-github-of-ai-hosted-code-that-backdoored-user-devices/

⚠️ Hacker group demands bitcoins: extortion emails include home address as leverage (in German) https://www.watchlist-internet.at/news/hacker-gruppe-fordert-bitcoins-erpresserische-e-mails-enthalten-wohnadresse-als-druckmittel/

👣 Act now to stop WordPress and Tumblr selling your content to AI firms https://grahamcluley.com/act-now-to-stop-wordpress-and-tumblr-selling-your-content-to-ai-firms/

🛫 Booking.com refund request? It might be an Agent Tesla malware attack https://grahamcluley.com/booking-com-refund-request-it-might-be-an-agent-tesla-malware-attack/

🚗 Steel giant ThyssenKrupp confirms cyberattack on automotive division https://www.bleepingcomputer.com/news/security/steel-giant-thyssenkrupp-confirms-cyberattack-on-automotive-division/

🔍 Russia wants to automatically monitor millions of social media accounts (in German) https://netzpolitik.org/2024/kreml-leaks-russland-will-millionen-accounts-in-sozialen-netzwerken-automatisch-ueberwachen/

🌏 Biden executive order seeks to cut China off from Americans’ sensitive data https://cyberscoop.com/data-broker-executive-order-china/

⛓️ Husqvarna ports Doom to a robot lawnmower – not, thankfully, its chainsaws https://go.theregister.com/feed/www.theregister.com/2024/02/28/husqvarna_doom_robomower_port/

🎪 Police seized Crimemarket, the largest German-speaking cybercrime marketplace https://securityaffairs.com/159813/cyber-crime/germany-police-seized-crimemarket.html


more, For the Curious

🗨️ Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities some more I-Soon https://securityaffairs.com/159595/hacking/i-soon-chinese-firm-data-leak.html

🧑‍🏫 CISA cautions against using hacked Ivanti VPN gateways even after factory resets https://www.bleepingcomputer.com/news/security/cisa-cautions-against-using-hacked-ivanti-vpn-gateways-even-after-factory-resets/

🖼️ NIST Cybersecurity Framework 2.0 https://www.nist.gov/cyberframework

🎖️ Advanced Web Penetration Testing Certification HTB starting to certify your skill now https://academy.hackthebox.com/preview/certifications/htb-certified-web-exploitation-expert

🏭 Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot https://www.theregister.com/2024/02/27/manufacturing_sector_malware/

🍷 European diplomats targeted by SPIKEDWINE with WINELOADER https://www.zscaler.com/blogs/security-research/european-diplomats-targeted-spikedwine-wineloader

🐲 BEAST AI needs just a minute of GPU time to make an LLM fly off the rails https://www.theregister.com/2024/02/28/beast_llm_adversarial_prompt_injection_attack/

📦 GitHub besieged by millions of malicious repositories in ongoing attack https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-ongoing-attack/

🦟 The Art of Domain Deception: Bifrost's New Tactic to Deceive Users https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/

🚪 Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways CISA and Partners https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b

🕵️ Predator spyware endures even after widespread exposure, analysis shows https://cyberscoop.com/predator-spyware-endures-after-exposure/

Lockbit takedown Corner – again

🔨 FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. He even talked to gang leader “lockbitsup” https://krebsonsecurity.com/2024/02/fbis-lockbit-takedown-postponed-a-ticking-time-bomb-in-fulton-county-ga/

🆙 Is the LockBit gang resuming its operation? Experts warn that the LockBit ransomware group has started using updated encryptors in new attacks,... https://securityaffairs.com/159757/cyber-crime/lockbit-gang-resuming-operation.html

🃏 Fulton County, Security Experts Call LockBit’s Bluff https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/




For All

🕵️‍♀️ Brussels spyware bombshell: Surveillance software found on officials’ phones https://www.politico.eu/article/parliament-defense-subcommittee-phones-checked-for-spyware/

🚔 Police arrests LockBit ransomware members, release decryptor in global crackdown The big one this week. https://securityaffairs.com/159360/cyber-crime/operation-cronos-disrupted-lockbit-operation.html https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/

🚓 More details about Operation Cronos that disrupted Lockbit operation https://securityaffairs.com/159388/cyber-crime/operation-cronos-against-lockbit.html

🥵 Reddit signs AI training deal with Google – and why OpenAI's Altman could be the winner https://www.theregister.com/2024/02/22/reddit_google_license_ipo_altman/

👾 Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data https://www.theverge.com/2024/2/22/24080135/avast-security-privacy-software-ftc-fine-data-harvesting

💰 Avast shells out $17M to shoo away claims it peddled people's personal data https://www.theregister.com/2024/02/23/avast_ftc_settlement/

🚪 DoorDash coughs up a few bucks after California accuses it of spreading around customer info https://www.theregister.com/2024/02/22/doordash_ccpa_settlement/

📹 Wyze security incident allowed strangers to see into some users’ homes https://therecord.media/wyze-camera-security-incident-allowed-strangers-to-see-into-homes

🧬 Vietnam to collect biometrics – even DNA – for new ID cards https://www.theregister.com/2024/02/20/vietnam_id_cards_dna/

🗨️ Signal will soon let you share a username instead of your phone number Already available as beta tester https://www.theverge.com/2024/2/20/24078395/signal-username-phone-number-beta

⚖️ Europe's data protection laws cut data storage by making information-wrangling pricier https://www.theregister.com/2024/02/21/gdpr_data_processing_costs/

Fun read corner *(at least for me)*

📤 Thanks FedEx, This is Why we Keep Getting Phished Fun read (at least for me) https://www.troyhunt.com/thanks-fedex-this-is-why-we-keep-getting-phished/

👠 The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger – I never thought I was the kind of person to fall for a scam. Long, but amazingly relatable https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html


more, For the Curious

💧 Documents from a Chinese government spyware vendor Anxun leaked to GitHub THE 2nd BIG ONE for this week. “I-S00N”
News articles: https://www.lawfaremedia.org/article/the-i-soon-data-leak-disruption-disruption-everywhere https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/ https://www.theregister.com/2024/02/22/i_soon_china_infosec_leak/ https://cyberscoop.com/isoon-chinese-apt-contractor-leak/
Other sources: https://news.ycombinator.com/item?id=39426379 https://github.com/mttaggart/I-S00N/tree/main/0

🐎 Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach/

🔋 VARTA – Statement, VARTA makes good progress in solving the cyberattack https://www.varta-ag.com/en/about-varta/news/details/varta-makes-good-progress-in-solving-the-cyberattack

💨 Dusting Off Old Fingerprints: NSO Group’s Unknown MMS Hack Missed this one last week. https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/

🚢 Biden signs executive order to give Coast Guard added authority over maritime cyber threats https://cyberscoop.com/biden-executive-order-coast-guard-cyber/

💯 How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity https://blog.talosintelligence.com/how-cvss-4-0-changes-vulnerability-severity/

🪤 The scary DNS “KeyTrap” bug explained in plain words Thank you cert.at for this one. I really struggled to find a good description... https://pducklin.com/2024/02/18/the-scary-dns-keytrap-bug-explained-in-plain-words/

🌩 Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers https://www.securityweek.com/researchers-devise-voltschemer-attacks-targeting-wireless-chargers/

⚔ Two days into the Digital Services Act, EU wields it to deepen TikTok probe https://www.theregister.com/2024/02/20/eu_tiktok_investigation/

🪖 Now the ‘most dangerous time I can remember,’ warns British military’s cyber general https://therecord.media/gen-jim-hockenhull-most-dangerous-time-national-security

🍐 Apple created post-quantum cryptographic protocol PQ3 for iMessage https://securityaffairs.com/159543/security/post-quantum-cryptographic-protocol-pq3.html




For All

👨‍👩‍👧‍👦 One in five children found to engage in illegal activity online https://www.nationalcrimeagency.gov.uk/news/one-in-five-children-found-to-engage-in-illegal-activity-online

📶 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data https://securityaffairs.com/159003/security/public-wi-fi-attacks.html

😨 Quarter of polled Americans say they use AI to make them hotter in online dating https://www.theregister.com/2024/02/12/generative_ai_online_dating_boost/

🛍️ Attackers spoof Temu – German! https://www.zdnet.de/88414209/angreifer-spoofen-temu/

👩‍⚖️ Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/

👀 EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme https://www.securityweek.com/eu-watchdog-urged-to-reject-meta-pay-for-privacy-scheme/

♻ Meta says risk of account theft after phone number recycling isn't its problem to solve https://www.theregister.com/2024/02/13/meta_phone_security_number_recycling/

🗳 Global Malicious Activity Targeting Elections is Skyrocketing https://securityaffairs.com/159062/hacking/global-malicious-activity-targeting-elections.html

🤱 Broker sold Planned Parenthood visitor location data to pro-life group, senator says Nothing to hide... https://therecord.media/broker-sold-planned-parenthood-data-wyden

🏥 A ransomware attack took 100 Romanian hospitals down https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html


more, For the Curious

🧩 Rhysida ransomware cracked! Free decryption tool released https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released

🆓 Broadcom terminates VMware's free ESXi hypervisor https://www.theregister.com/2024/02/13/broadcom_ends_free_esxi_vsphere/

💫 Raspberry Robin spotted using two new 1-day LPE exploits https://securityaffairs.com/158969/malware/raspberry-robin-1-day-exploits.html

🐬 Flipper Zero takes to the big screen Flipper with video output! https://www.theregister.com/2024/02/13/flipper_zero_vgm/

🐞 New critical Microsoft Outlook RCE bug is trivial to exploit https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/

💸 Pennsylvania county pays $350,000 cyberattack ransom https://therecord.media/pennsylvania-county-pays-cyberattack-ransom

🧧 US, Estonia to send confiscated Russian funds to Ukraine. Are ransomware proceeds next? https://therecord.media/us-estonia-sending-confiscated-russian-funds

⚡ Espressif ESP32: Breaking HW AES with Electromagnetic Analysis Glitching your thing https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-electromagnetic-analysis/


CISA Advisory Corner

Microsoft – Actively Exploited! Ⓜ Microsoft Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/microsoft-releases-security-updates-multiple-products

Adobe 🅰 Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/adobe-releases-security-updates-multiple-products

BIND 9 🅱 ISC Releases Security Advisories for BIND 9 https://www.cisa.gov/news-events/alerts/2024/02/13/isc-releases-security-advisories-bind-9

🏭 CISA Releases Seventeen Industrial Control Systems Advisories A lot of Siemens https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-releases-seventeen-industrial-control-systems-advisories

🧱 CISA Adds Two Known Exploited Vulnerabilities to Catalog Cisco ASA and Exchange https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-adds-two-known-exploited-vulnerabilities-catalog



Highlight

🪥 How to tell if your toothbrush is being used in a DDoS attack https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack Wanna know more? See end of post.

🏙 Fraud: Fake letters from the city sent out https://wien.orf.at/stories/3243868/


For All

🏴‍☠️ How are user credentials stolen and used by threat actors? https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/

👩‍🏭 Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html

🔲 QR Codes – what's the real risk? https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk

🥸 Fake LastPass password manager spotted on Apple's App Store https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

🕵️‍♀️ Buying Spying: How the commercial surveillance industry works and what can be done about it Wanna know more? Full report by Google further down https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

🧹 Mozilla’s new service tries to wipe your data off the web https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests

🏷 Meta announcement: Labeling AI-Generated Images on Facebook, Instagram and Threads https://about.fb.com/news/2024/02/labeling-ai-generated-images-on-facebook-instagram-and-threads/

🌆 How to Protect Your Social Media Accounts Good tips. You can skip the score... https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-your-social-media-accounts/

👑 Want to watch porn in Britain? Get your passport ready https://www.politico.eu/article/the-great-british-porn-block-is-back/


more, For the Curious

👨‍🔧 OT Maintenance Is Primary Source of OT Security Incidents: Report https://www.securityweek.com/ot-maintenance-is-primary-source-of-ot-security-incidents-report/

🔨 mlcsec/proctools: Small toolkit for extracting information and dumping sensitive strings from Windows processes https://github.com/mlcsec/proctools

🚘 How I Also Hacked my Car https://goncalomb.com/blog/2024/01/30/f57cf19b-how-i-also-hacked-my-car

🧾 Full Report by Google – Buying Spying Insights into Commercial Surveillance Vendors https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf

🔓 VIDEO: Breaking Bitlocker – Bypassing the Windows Disk Encryption (by stacksmashing) https://www.youtube.com/watch?v=wTl4vEednkQ

🩲 The Real Shim Shady – How CVE-2023-40547 Impacts Most Linux Systems https://eclypsium.com/blog/the-real-shim-shady-how-cve-2023-40547-impacts-most-linux-systems/

📡 CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom

📵 Taking Apart an Android SMS Stealer https://vaktibabat.github.io/posts/Android_SMS_Stealer/

💫 Combining Cybersecurity Frameworks: An Alternative to Incident Reporting https://medium.com/@s.lontzetidis/combining-cybersecurity-frameworks-an-alternative-to-incident-reporting-9d642d9a5456

Doubt corner – don't believe everything!

📹 Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ !! Doubtful story. Source article seems to be this from scmp.com. https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html

🦷 3 million smart toothbrushes were just used in a DDoS attack. Really !! ⚠ NOT true!! @GossiTheDog@cyberplace.social and Forbes https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really/



Highlight

☝️ Fingerprint sensor: Daughter can unlock Google Pixel 8 TL;DR in English: Saving the same finger twice leads to more collisions https://www.kuketz-blog.de/fingerabdruck-sensor-tochter-kann-google-pixel-8-entsperren/


For All

📳 How to stop location tracking on your Android phone (mostly) https://www.theverge.com/21401280/android-location-tracking-history-stop-how-to

🧢 Fake Bill Ackman and Jim Cramer Instagram Ads are Trying to Take My Money https://www.404media.co/fake-bill-ackman-and-jim-cramer-instagram-ads-are-trying-to-take-my-money/

🫥 Rise of deepfake threats means biometric security measures won't be enough https://www.theregister.com/2024/02/01/deepfake_threat_biometrics/

🕵️‍♂️ NSA Buying Bulk Surveillance Data on Americans without a Warrant https://www.schneier.com/blog/archives/2024/01/nsa-buying-bulk-surveillance-data-on-americans-without-a-warrant.html

🚘 A mishandled GitHub token exposed Mercedes-Benz source code https://www.bleepingcomputer.com/news/security/a-mishandled-github-token-exposed-mercedes-benz-source-code/

🏠 How you get ripped off when apartment hunting https://www.watchlist-internet.at/news/so-werden-sie-bei-der-wohnungssuche-abgezockt/

🥸 Spyware Targets Human Rights Watch Staff in Jordan https://www.hrw.org/news/2024/02/01/spyware-targets-human-rights-watch-staff-jordan


more, For the Curious

🐧 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

📃 CISA adds multiple new KEV entries. These are two of them. Apple – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog Ivanti – https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-adds-one-known-exploited-vulnerability-catalog-0

👮 Exclusive: US disabled Chinese hacking network targeting critical infrastructure https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/

🦃 Cloudflare Blog – Thanksgiving 2023 security incident https://blog.cloudflare.com/thanksgiving-2023-security-incident

💾 The Data Breach “Personal Stash” Ecosystem https://www.troyhunt.com/the-data-breach-personal-stash-ecosystem/

📄 Südwestfalen-IT: Forensic report on ransomware attack. This is how to handle an incident! https://forumwk.de/2024/01/25/suedwestfalen-it-forensik-bericht-mit-erkenntnissen-zu-ransomware-angriff/

🖨️ A Practical Guide to PrintNightmare in 2024 https://itm4n.github.io/printnightmare-exploitation/

🐘 Critical Mastodon Vulnerability – Update now https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

🍯 There Are Too Many Damn Honeypots https://vulncheck.com/blog/too-many-honeypots

Ivanti Corner

🚧 New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways Ivanti gets bigger and bigger... https://www.cisa.gov/news-events/alerts/2024/01/30/new-mitigations-defend-against-exploitation-ivanti-connect-secure-and-policy-secure-gateways

🚫 Supplemental Direction V1: ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities Oh, wow. CISA Orders to “...disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.” https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure

AnyDesk Corner

🛂 AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

🛂 AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials https://securityonline.info/anydesk-breach-2024-dark-web-sale-of-18317-credentials/




For All

❌ AI Bots on X (Twitter) Neat hack to identify AI bots. https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

🔍 Using Google Search to Find Software Can Be Risky https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

📜 Testing TLS and Certificates Ever wondered what these “certificates” are good for? https://www.blackhillsinfosec.com/testing-tls-and-certificates/

🍏 Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

🧬 Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months https://go.theregister.com/feed/www.theregister.com/2024/01/26/23_and_me_breach_filing/

🪡 Trolls have flooded X with graphic Taylor Swift AI fakes https://www.theverge.com/2024/1/25/24050334/x-twitter-taylor-swift-ai-fake-images-trending

🐻 Russia social media outage likely caused by state internet regulator https://therecord.media/russia-social-media-outages-roskomnadzor

🐽 These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy https://www.404media.co/these-are-the-notorious-nsa-furby-documents-showing-spy-agency-freaking-out-about-childrens-toy/

🕵️ The NSA Buys Web Browsing Data Without A Warrant, Letter Shows https://packetstormsecurity.com/news/view/35451/The-NSA-Buys-Web-Browsing-Data-Without-A-Warrant-Letter-Shows.html

👩‍⚖️ French regulators levy €32 million fine against Amazon for surveilling employees https://therecord.media/french-regulators-levy-fine-against-amazon-for-monitoring-practices


more, For the Curious

🚘 Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive https://www.securityweek.com/hackers-earn-1-3m-for-tesla-ev-charger-infotainment-exploits-at-pwn2own-automotive/

📄 CISA Adds CVE-2024-23222 to Known Exploited Vulnerability Catalog https://www.cisa.gov/news-events/alerts/2024/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

🪖 How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/

🤵 Jenkins Security Advisory 2024-01-24 – CVE-2024-23897 https://www.jenkins.io/security/advisory/2024-01-24/ https://github.com/gquere/pwn_jenkins/blob/master/README.md

Ⓜ️ Microsoft explains how Russian hackers spied on its executives https://www.theverge.com/2024/1/26/24051708/microsoft-hack-russian-security-attack-senior-leadership-emails

🦮 Guidance on Assembling a Group of Products SBOM? SBOM! https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products

🍘 Building a Password Cracker https://www.sevnx.com/blog/post/building-a-password-cracker

🧠 The near-term impact of AI on the cyber threat https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat

