week 06/2024

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.

Highlight 🪥 How to tell if your toothbrush is being used in a DDoS attack https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack Wanna know more? See end of post.

🏙 Betrug: Falsche Briefe der Stadt verschickt https://wien.orf.at/stories/3243868/

For All

🏴‍☠️ How are user credentials stolen and used by threat actors? https://blog.talosintelligence.com/how-are-user-credentials-stolen-and-used-by-threat-actors/

👩‍🏭 Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html

🔲 QR Codes – what's the real risk? https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk

🥸 Fake LastPass password manager spotted on Apple-s App Store https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

🕵️‍♀️ Buying Spying: How the commercial surveillance industry works and what can be done about it Wanna know more? Full report by Google further down https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

🧹 Mozilla’s new service tries to wipe your data off the web https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests

🏷 Meta announcement: Labeling AI-Generated Images on Facebook, Instagram and Threads https://about.fb.com/news/2024/02/labeling-ai-generated-images-on-facebook-instagram-and-threads/

🌆How to Protect Your Social Media Accounts Good tips. You can skip the score... https://www.mcafee.com/blogs/privacy-identity-protection/how-to-protect-your-social-media-accounts/

👑 Want to watch porn in Britain? Get your passport ready https://www.politico.eu/article/the-great-british-porn-block-is-back/

more, For the Curious

👨‍🔧OT Maintenance Is Primary Source of OT Security Incidents: Report https://www.securityweek.com/ot-maintenance-is-primary-source-of-ot-security-incidents-report/

🔨 mlcsec/proctools: Small toolkit for extracting information and dumping sensitive strings from Windows processes https://github.com/mlcsec/proctools

🚘 How I Also Hacked my Car https://goncalomb.com/blog/2024/01/30/f57cf19b-how-i-also-hacked-my-car

🧾 Full Report by Google – Buying Spying Insights into Commercial Surveillance Vendors https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf

🔓 VIDEO: Breaking Bitlocker – Bypassing the Windows Disk Encryption (by stacksmashing) https://www.youtube.com/watch?v=wTl4vEednkQ

🩲 The Real Shim Shady – How CVE-2023-40547 Impacts Most Linux Systems https://eclypsium.com/blog/the-real-shim-shady-how-cve-2023-40547-impacts-most-linux-systems/

📡 CEO of Ukraine's largest telecom operator describes Russian cyberattack that wiped thousands of computers https://therecord.media/kyivstar-ceo-on-russian-cyberattack-telecom

📵 Taking Apart an Android SMS Stealer https://vaktibabat.github.io/posts/Android_SMS_Stealer/

💫 Combining Cybersecurity Frameworks: An Alternative to Incident Reporting https://medium.com/@s.lontzetidis/combining-cybersecurity-frameworks-an-alternative-to-incident-reporting-9d642d9a5456

Doubt corner – don't believe everything! 📹 Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ !! Doubtfull story. Source article seems to be this from scmp.com. https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html

🦷 3 million smart toothbrushes were just used in a DDoS attack. Really !! ⚠ NOT true!! @GossiTheDog@cyberplace.social and Forbes https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really/

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions in these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub