week 02/2024

This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.

For All

💸 Bitcoin price jumps after hackers hijack SEC Twitter account https://cyberscoop.com/sec-bitcoin-etf-gensler/

🐺 Deepfaked Celebrity Ads Promoting Medicare Scams Run Rampant on YouTube https://www.404media.co/joe-rogan-taylor-swift-andrew-tate-ai-deepfake-youtube-medicare-ads/

📘 Do You Suddenly Need To Delete Your Facebook App? (a little long) Facebook's “new” Link History feature is getting some attention. https://www.forbes.com/sites/zakdoffman/2024/01/08/serious-new-facebook-warning-for-apple-iphone-and-google-android-users/

🚸 Under pressure, Meta say it will change how it delivers some content to children https://therecord.media/meta-to-change-content-minors

🍔 Burger King Giving Discounts If Facial Recognition Thinks You're Hungover – for me this is between cringe and crazy 😵‍💫 https://gizmodo.com/burger-king-giving-discounts-if-facial-recognition-thin-1851124496

🚢 Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages I missed this one last week! https://securityaffairs.com/156994/laws-and-regulations/merck-settles-notpetya-insurance.html

🔐 2 new “smart locks” for 🤨 and ✋ Why is this a good idea?😨 https://www.theverge.com/2024/1/8/24025150/lockly-visage-facial-recognition-smart-lock-matter-home-key https://www.theverge.com/2024/1/8/24025616/philips-door-lock-palm-recognition-smart-deadbolt-ces

🔧 Vulnerabilities found in high-power Bosch wrenches popular with carmakers – network-connected wrenches!?!?! 🤯 https://therecord.media/bosch-rexroth-pneumatic-wrenches-vulnerabilities-disclosed

👩‍⚖️ FTC settles unprecedented case against geolocation data broker https://therecord.media/ftc-settles-case-geolocation-data-broker-xmode-outlogic

more, For the Curious

🐀 Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

👴 Age-old problems to sharing cyber threat info remain, IG report finds https://cyberscoop.com/cyber-threat-sharing-report-odni/

🐟 Inside a $20 Million Coinbase Phishing Ring https://www.404media.co/inside-a-20-million-coinbase-phishing-ring/

🖨️ Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks – source https://www.reuters.com/markets/deals/hewlett-packard-enterprise-nears-13-bln-deal-buy-juniper-networks-wsj-2024-01-08/

Bugs and CVEs

🧫 GitLab fixed a critical zero-click account hijacking flaw – zero-click! Update if you use it!! https://securityaffairs.com/157389/security/gitlab-zero-click-account-hijacking-flaw.html

🛅 CVE-2023-46647 Improper privilege management in all versions of GitHub Enterprise Server https://nvd.nist.gov/vuln/detail/CVE-2023-46647

🆕 New CISA Known Exploited Vulnerabilities: Adobe, Apple, D-Link and Joomla https://www.cisa.gov/news-events/alerts/2024/01/08/cisa-adds-six-known-exploited-vulnerabilities-catalog and SharePoint https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions in these articles are not my own. No guarantee of correctness or completeness in any way.
