week 01/2024
This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.
Most of the articles are in English, but some current warnings might also be in German.
Currently in Austria 🅰️ Massenhaft Phishing-Mails im Namen von A1 im Umlauf https://www.watchlist-internet.at/news/sofortiges-handeln-erforderlich-massenhaft-phishing-mails-im-namen-von-a1-im-umlauf/
For All
🤦 A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier https://arstechnica.com/?p=1993801
🥸 Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html
🎄 Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data https://securityaffairs.com/156560/deep-web/leaksmas-dark-web-data-leak.html
📠 After ransomware claims, Xerox says subsidiary hit with cyberattack https://therecord.media/xerox-xbs-cyberattack
🥷 Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html
🧑⚖️ Court hearings become ransomware concern after justice system breach https://go.theregister.com/feed/www.theregister.com/2024/01/02/victoria_court_system_breach/
🐻 Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html
more, For the Curious
📌 Nearly 11 million SSH servers vulnerable to new Terrapin attacks https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/
🔃 New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html
📇 CISA Adds Two Known Exploited Vulnerabilities to Catalog These are for Excel and Chrome. Fixes exist! Update! https://www.cisa.gov/news-events/alerts/2024/01/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
🍏 4-year campaign backdoored iPhones using possibly the most advanced exploit ever https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature
🛫 Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion https://www.darkreading.com/ics-ot-security/airbus-acquire-atos-cybersecurity-unit-2-billion
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.