📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.

Highlights

🪧 IT-KV: Negotiations interrupted again – demonstration on 24 January I know. It's not much security and just a little cyber https://www.gpa.at/kollektivvertrag/information-und-consulting/informationstechnologie/2024/it-kv-sechste-runde

🚨 Watch out for “I can't believe he is gone” Facebook phishing posts https://www.bleepingcomputer.com/news/security/watch-out-for-i-cant-believe-he-is-gone-facebook-phishing-posts/


For All

👻 Beware of crypto scams lying on the street in Vienna https://www.derstandard.at/story/3000000203274/vorsicht-vor-kryptoscams-die-in-wien-auf-der-strasse-liegen

🏢 Microsoft ‘senior leadership’ emails accessed by Russian SolarWinds hackers Official blog post in second link https://www.theverge.com/2024/1/19/24044561/microsoft-senior-leadership-emails-hack-russian-security-attack https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

😾 Meta won't remove fake Instagram profiles used for obvious catfishing https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-used-for-obvious-catfishing/

📴 GrapheneOS: Frequent Android auto-reboots block firmware exploits https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/

🍎 A reboot a day can keep the ******** away https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/

📘 Each Facebook User is Monitored by Thousands of Companies !!!!! !!!!!! https://themarkup.org/privacy/2024/01/17/each-facebook-user-is-monitored-by-thousands-of-companies-study-indicates

👨‍⚖️ IT expert convicted for using access software https://www.golem.de/news/modern-solution-it-experte-wegen-nutzung-einer-zugriffssoftware-verurteilt-2401-181296.html

👩‍⚖️ FTC settles second case with geolocation data broker in two weeks https://therecord.media/ftc-settles-data-broker-case-geolocation

🥟 Researcher uncovers one of the biggest password dumps in recent history For more info, see the very last entry of this week 😉 https://arstechnica.com/?p=1996879

⛺ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

📻 Amazon plans to charge for Alexa in June—unless internal conflict delays revamp https://arstechnica.com/gadgets/2024/01/alexa-is-in-trouble-paid-for-alexa-gives-inaccurate-answers-in-early-demos/ |sarcasm on| Amazon being like: If you are dumb enough to put a listening spy-device in your home you are also dumb enough to pay monthly for it (Sorry, but this is just borderline idiotic to me).

🗣 OpenVoice: Versatile Instant Voice Cloning https://research.myshell.ai/open-voice

🏭 Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game https://securityonline.info/researcher-details-critical-buffer-overflow-vulnerability-in-popular-factorio-game/

🏛 Unseen images of code breaking computer that helped win WW2 Not news, but soooo cool https://www.bbc.com/news/technology-67997406


more, For the Curious

🔮 EasyEASM – Zero-dollar Attack Surface Management Tool https://www.kitploit.com/2024/01/easyeasm-zero-dollar-attack-surface.html

🗡️ BobTheSmuggler: Your Covert Cyber Swiss Knife for Undetectable Payload Delivery https://medium.com/@TheCyb3rAlpha/bobthesmuggler-your-covert-cyber-swiss-knife-for-undetectable-payload-delivery-bc84f3037522

Ⓜ️ Microsoft Teams Covert Channels Research https://blog.compass-security.com/2024/01/microsoft-teams-covert-channels-research/

👷 Is Hardware-Glitching your Thing? 1 https://sec-consult.com/blog/detail/secglitcher-part-1-reproducible-voltage-glitching-on-stm32-microcontrollers/ 2 https://www.synacktiv.com/en/publications/how-to-voltage-fault-injection

💽 CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service https://www.thezdi.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

📃 CISA added the current Ivanti vulnerability to their KEV list I kind of avoided mentioning the big one. I guess it had to happen. https://www.cisa.gov/news-events/alerts/2024/01/18/cisa-adds-one-known-exploited-vulnerability-catalog

💦 CISA, FBI and EPA release an Incident Response Guide for the WWS Sector There are some cool resources in there, if you dare to shave the yak. https://www.cisa.gov/news-events/alerts/2024/01/18/incident-response-guide-wws-sector

📨 Stealing your email with a .txt file https://blog.strikeready.com/blog/stealing-your-email-with-a-.txt-file/

🚪 Inside the Massive Naz.API Credential Stuffing List https://www.troyhunt.com/inside-the-massive-naz-api-credential-stuffing-list/


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.




For All

💸 Bitcoin price jumps after hackers hijack SEC Twitter account https://cyberscoop.com/sec-bitcoin-etf-gensler/

🐺 Deepfaked Celebrity Ads Promoting Medicare Scams Run Rampant on YouTube https://www.404media.co/joe-rogan-taylor-swift-andrew-tate-ai-deepfake-youtube-medicare-ads/

📘 Do You Suddenly Need To Delete Your Facebook App? a little long – FBs “new” feature Link-History is getting some attention. https://www.forbes.com/sites/zakdoffman/2024/01/08/serious-new-facebook-warning-for-apple-iphone-and-google-android-users/

🚸 Under pressure, Meta say it will change how it delivers some content to children https://therecord.media/meta-to-change-content-minors

🍔 Burger King Giving Discounts If Facial Recognition Thinks You're Hungover for me this is between cringe and crazy😵‍💫 https://gizmodo.com/burger-king-giving-discounts-if-facial-recognition-thin-1851124496

🚢 Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages I missed this one last week! https://securityaffairs.com/156994/laws-and-regulations/merck-settles-notpetya-insurance.html

🔐 2 new “smart locks” for 🤨 and ✋ Why is this a good idea?😨 https://www.theverge.com/2024/1/8/24025150/lockly-visage-facial-recognition-smart-lock-matter-home-key https://www.theverge.com/2024/1/8/24025616/philips-door-lock-palm-recognition-smart-deadbolt-ces

🔧 Vulnerabilities found in high-power Bosch wrenches popular with carmakers Network connected wrenches!?!?! 🤯 https://therecord.media/bosch-rexroth-pneumatic-wrenches-vulnerabilities-disclosed

👩‍⚖️ FTC settles unprecedented case against geolocation data broker https://therecord.media/ftc-settles-case-geolocation-data-broker-xmode-outlogic


more, For the Curious

🐀 Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

👴 Age-old problems to sharing cyber threat info remain, IG report finds https://cyberscoop.com/cyber-threat-sharing-report-odni/

🐟 Inside a $20 Million Coinbase Phishing Ring https://www.404media.co/inside-a-20-million-coinbase-phishing-ring/

🖨️ Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks – source https://www.reuters.com/markets/deals/hewlett-packard-enterprise-nears-13-bln-deal-buy-juniper-networks-wsj-2024-01-08/

Bugs and CVEs

🧫 GitLab fixed a critical zero-click account hijacking flaw zero-click! update if you use it!! https://securityaffairs.com/157389/security/gitlab-zero-click-account-hijacking-flaw.html

🛅 CVE-2023-46647 Improper privilege management in all versions of GitHub Enterprise Server https://nvd.nist.gov/vuln/detail/CVE-2023-46647

🆕 New CISA Known Exploited Vulnerabilities: Adobe, Apple, D-Link and Joomla https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog SharePoint https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog



Currently in Austria

🅰️ Mass phishing emails circulating in the name of A1 https://www.watchlist-internet.at/news/sofortiges-handeln-erforderlich-massenhaft-phishing-mails-im-namen-von-a1-im-umlauf/


For All

🤦‍ A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier https://arstechnica.com/?p=1993801

🥸 Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html

🎄 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html

📠 After ransomware claims, Xerox says subsidiary hit with cyberattack https://therecord.media/xerox-xbs-cyberattack

🥷 Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

🧑‍⚖️ Court hearings become ransomware concern after justice system breach https://go.theregister.com/feed/www.theregister.com/2024/01/02/victoria_court_system_breach/

🐻 Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html


more, For the Curious

📌 Nearly 11 million SSH servers vulnerable to new Terrapin attacks https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

🔃 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html

📇 CISA Adds Two Known Exploited Vulnerabilities to Catalog These are for Excel and Chrome. Fixes exist! Update! https://www.cisa.gov/news-events/alerts/2024/01/02/cisa-adds-two-known-exploited-vulnerabilities-catalog

🍏 4-year campaign backdoored iPhones using possibly the most advanced exploit ever https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature

🛫 Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion https://www.darkreading.com/ics-ot-security/airbus-acquire-atos-cybersecurity-unit-2-billion



For All

🎧 Spotify music converter TuneFab puts users at risk https://securityaffairs.com/156659/security/spotify-music-converter-tunefab-data-leak.html

⬛ New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 earlier this month https://www.databreaches.net/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files-encrypted-between-november-2022-earlier-this-month/

Games

🎮 Game mod on Steam breached to push password-stealing malware https://www.bleepingcomputer.com/news/security/game-mod-on-steam-breached-to-push-password-stealing-malware/

🎮 GTA 5 source code reportedly leaked online a year after RockStar hack https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/

Health

💊 Australia: St Vincent’s unable to confirm if medical records stolen Comment: No Logs –> no visibility –> no clue https://www.databreaches.net/au-st-vincents-unable-to-confirm-if-medical-records-stolen/

🏥 Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/

🏥 Hospitals ask courts to force cloud storage firm to return stolen data https://www.bleepingcomputer.com/news/security/hospitals-ask-courts-to-force-cloud-storage-firm-to-return-stolen-data/

more, For the Curious

🚨 SSH ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/

🐍 New Version of Meduza Stealer Released in Dark Web https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html

🍎 Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html

📧 SMTP Smuggling a little older but popped up because of #37c3 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/



🍪🎄 Happy holidays to you all! 🎅🍪




Update your Browser!

💻 Google addressed a new actively exploited Chrome zero-day https://securityaffairs.com/156231/security/google-addressed-a-new-actively-exploited-chrome-zero-day.html

For Everyone

🤖 Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real https://www.404media.co/facebook-is-being-overrun-with-stolen-ai-generated-images-that-people-think-are-real/

🧑‍⚖️ Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay https://therecord.media/lapsus$-hacker-sentencing-uk

❌ EU launches formal probe into potential misconduct by X https://therecord.media/european-commission-x-investigation-illegal-content

🛑 Acute wave of DDoS attacks on state-affiliated and critical infrastructure in Austria https://cert.at/de/aktuelles/2023/12/akute-welle-an-ddos-angriffen-auf-staatsnahe-und-kritische-infrastruktur-in-osterreich

🤦 U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say https://www.databreaches.net/u-s-water-utilities-were-hacked-after-leaving-their-default-passwords-set-to-1111-cybersecurity-officials-say/

📱 Threema published a blog post regarding the topic of “Surveillance via push notifications” Comment: This is how such things should always be handled! https://threema.ch/en/blog/posts/push-notifications-and-data-privacy

🗨️ FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Comment: Ever wanted to know what the FBI advises regarding ransomware? Spoiler: It's kind of what security folks are advising all day. 😏 https://www.cisa.gov/news-events/alerts/2023/12/18/fbi-cisa-and-asds-acsc-release-advisory-play-ransomware


more, For the Curious

🎆 Year in Malware 2023: Recapping the major cybersecurity stories of the past year https://blog.talosintelligence.com/year-in-malware-2023-timeline/

🏥 Health data breaches hit an all-time high in 2023 https://www.databreaches.net/health-data-breaches-hit-an-all-time-high-in-2023/

🏭 Hacktivists boast: We shut down Iran's gas pumps today https://go.theregister.com/feed/www.theregister.com/2023/12/18/hacktivists_shut_down_irans_petrol/

🖥️ New “Terrapin” Attack on the SSH transport protocol with certain OpenSSH extensions, before 9.6 https://terrapin-attack.com/#question-answer https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

🐈‍⬛ BlackCat Ransomware Raises Ante After FBI Disruption https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/


A peculiar cluster of current phishing warnings this week?

📧 New phishing attack steals your Instagram backup codes to bypass 2FA https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/

📧 Fake F5 BIG-IP zero-day warning emails push data wipers https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/





Update your phones!

📱 Apple iOS Zero Days https://support.apple.com/en-us/HT214039

Update your computers!

💻 Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html

For Everyone

🚆 Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them If you have not read about that story, here is a current article https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/

💰 Willhaben: Don't let yourself be lured to WhatsApp and co.! https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/

📱 How worried should we be about the “AutoSpill” credential leak in Android password managers? https://arstechnica.com/?p=1990601

💬 Meta brings end-to-end encryption to Messenger Sometimes there is some good news too! https://arstechnica.com/tech-policy/2023/12/meta-defies-fbi-opposition-to-encryption-brings-e2ee-to-facebook-messenger/

🎮 Counter-Strike 2 HTML injection bug exposes players’ IP addresses https://www.bleepingcomputer.com/news/security/counter-strike-2-html-injection-bug-exposes-players-ip-addresses/

📱 Apple fixed the iPhone’s Flipper Zero problem https://www.theverge.com/2023/12/15/24003406/apple-iphone-flipper-zero-fix-ios-17-2


more, For the Curious

📞 Major Cyber Attack Paralyzes Kyivstar – Ukraine's Largest Telecom Operator https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html

💧 Two-day water outage in remote Irish region caused by pro-Iran hackers https://therecord.media/water-outage-in-ireland-county-mayo

🧓📰 Lazarus Group Using Log4j Exploits Remember Log4j? Still a valuable target. https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html

💽 MongoDB investigates a cyberattack, customer data exposed https://securityaffairs.com/156008/hacking/mongodb-investigate-cyberattack.html

🔐 PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/

🚨 Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks https://securityaffairs.com/155746/security/sophos-backports-cve-2022-3236-patch.html

🔥 New Security Vulnerabilities Uncovered in pfSense Firewall Software https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html

