37c3 &mdash; ๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ https://infosec.press/wrzlbrmpfts-cyberlights/tag:37c3 weekly cybersecurity highlights (for everyone!) Wed, 22 Apr 2026 16:18:02 +0000 week 52/2023 https://infosec.press/wrzlbrmpfts-cyberlights/week-52-2023 <![CDATA[This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is - kind of - to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices - it is what I think is significant, cool or fun. Most of the articles are in English, but some current warnings might also be in German. For All ๐ŸŽง Spotify music converter TuneFab puts users at risk https://securityaffairs.com/156659/security/spotify-music-converter-tunefab-data-leak.html โฌ› New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 earlier this month https://www.databreaches.net/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files-encrypted-between-november-2022-earlier-this-month/ Games ๐ŸŽฎ Game mod on Steam breached to push password-stealing malware https://www.bleepingcomputer.com/news/security/game-mod-on-steam-breached-to-push-password-stealing-malware/ ๐ŸŽฎ GTA 5 source code reportedly leaked online a year after RockStar hack https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/ Health ๐Ÿ’Š Australia: St Vincentโ€™s unable to confirm if medical records stolen Comment: No Logs - no visibility - no clue https://www.databreaches.net/au-st-vincents-unable-to-confirm-if-medical-records-stolen/ ๐Ÿฅ Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/ ๐Ÿฅ Hospitals ask courts to force cloud storage firm to return stolen data https://www.bleepingcomputer.com/news/security/hospitals-ask-courts-to-force-cloud-storage-firm-to-return-stolen-data/ more, For the Curious ๐Ÿšจ SSH ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/ ๐Ÿ New Version of Meduza Stealer Released in Dark Web https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html ๐ŸŽ Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html ๐Ÿ“ง SMTP Smuggling a little older but popped up, because of #37c3 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ --- (by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way. theme: https://write.as/themes/fosstodon-hub]]> This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is โ€“ kind of โ€“ to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices โ€“ it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.

For All

๐ŸŽง Spotify music converter TuneFab puts users at risk https://securityaffairs.com/156659/security/spotify-music-converter-tunefab-data-leak.html

โฌ› New Black Basta decryptor exploits ransomware flaw to recover files encrypted between November 2022 earlier this month https://www.databreaches.net/new-black-basta-decryptor-exploits-ransomware-flaw-to-recover-files-encrypted-between-november-2022-earlier-this-month/

Games ๐ŸŽฎ Game mod on Steam breached to push password-stealing malware https://www.bleepingcomputer.com/news/security/game-mod-on-steam-breached-to-push-password-stealing-malware/

๐ŸŽฎ GTA 5 source code reportedly leaked online a year after RockStar hack https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/

Health ๐Ÿ’Š Australia: St Vincentโ€™s unable to confirm if medical records stolen Comment: No Logs โ€“> no visibility โ€“> no clue https://www.databreaches.net/au-st-vincents-unable-to-confirm-if-medical-records-stolen/

๐Ÿฅ Lockbit ransomware disrupts emergency care at German hospitals https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals/

๐Ÿฅ Hospitals ask courts to force cloud storage firm to return stolen data https://www.bleepingcomputer.com/news/security/hospitals-ask-courts-to-force-cloud-storage-firm-to-return-stolen-data/

more, For the Curious

๐Ÿšจ SSH ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) https://threatprotect.qualys.com/2023/12/26/ssh-proxycommand-unexpected-code-execution-vulnerability-cve-2023-51385/

๐Ÿ New Version of Meduza Stealer Released in Dark Web https://securityaffairs.com/156598/malware/meduza-stealer-released-dark-web.html

๐ŸŽ Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html

๐Ÿ“ง SMTP Smuggling a little older but popped up, because of #37c3 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

]]> https://infosec.press/wrzlbrmpfts-cyberlights/week-52-2023 Sun, 31 Dec 2023 14:57:00 +0000