week 01/2024

This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.

Currently in Austria 🅰️ Massenhaft Phishing-Mails im Namen von A1 im Umlauf https://www.watchlist-internet.at/news/sofortiges-handeln-erforderlich-massenhaft-phishing-mails-im-namen-von-a1-im-umlauf/


For All

🤦‍ A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier https://arstechnica.com/?p=1993801

🥸 Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html

🎄 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html

📠 After ransomware claims, Xerox says subsidiary hit with cyberattack https://therecord.media/xerox-xbs-cyberattack

🥷 Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html

🧑‍⚖️ Court hearings become ransomware concern after justice system breach https://go.theregister.com/feed/www.theregister.com/2024/01/02/victoria_court_system_breach/

🐻 Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html


more, For the Curious

📌 Nearly 11 million SSH servers vulnerable to new Terrapin attacks https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/

🔃 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html

📇 CISA Adds Two Known Exploited Vulnerabilities to Catalog These are for Excel and Chrome. Fixes exist! Update! https://www.cisa.gov/news-events/alerts/2024/01/02/cisa-adds-two-known-exploited-vulnerabilities-catalog

🍏 4-year campaign backdoored iPhones using possibly the most advanced exploit ever https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature

🛫 Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion https://www.darkreading.com/ics-ot-security/airbus-acquire-atos-cybersecurity-unit-2-billion


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions in these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub