week 07/2024

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.


For All

👨‍👩‍👧‍👦 One in five children found to engage in illegal activity online https://www.nationalcrimeagency.gov.uk/news/one-in-five-children-found-to-engage-in-illegal-activity-online

📶 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data https://securityaffairs.com/159003/security/public-wi-fi-attacks.html

😨 Quarter of polled Americans say they use AI to make them hotter in online dating https://www.theregister.com/2024/02/12/generative_ai_online_dating_boost/

🛍️ Angreifer spoofen Temu – German! https://www.zdnet.de/88414209/angreifer-spoofen-temu/

👩‍⚖️ Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/

👀 EU Watchdog Urged to Reject Meta ‘Pay for Privacy’ Scheme https://www.securityweek.com/eu-watchdog-urged-to-reject-meta-pay-for-privacy-scheme/

♻ Meta says risk of account theft after phone number recycling isn't its problem to solve https://www.theregister.com/2024/02/13/meta_phone_security_number_recycling/

🗳 Global Malicious Activity Targeting Elections is Skyrocketing https://securityaffairs.com/159062/hacking/global-malicious-activity-targeting-elections.html

🤱 Broker sold Planned Parenthood visitor location data to pro-life group, senator says Nothing to hide... https://therecord.media/broker-sold-planned-parenthood-data-wyden

🏥 A ransomware attack took 100 Romanian hospitals down https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html


more, For the Curious

🧩 Rhysida ransomware cracked! Free decryption tool released https://www.tripwire.com/state-of-security/rhysida-ransomware-cracked-free-decryption-tool-released

🆓 Broadcom terminates VMware's free ESXi hypervisor https://www.theregister.com/2024/02/13/broadcom_ends_free_esxi_vsphere/

💫 Raspberry Robin spotted using two new 1-day LPE exploits https://securityaffairs.com/158969/malware/raspberry-robin-1-day-exploits.html

🐬 Flipper Zero takes to the big screen Flipper with video output! https://www.theregister.com/2024/02/13/flipper_zero_vgm/

🐞 New critical Microsoft Outlook RCE bug is trivial to exploit https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/

💸 Pennsylvania county pays $350,000 cyberattack ransom https://therecord.media/pennsylvania-county-pays-cyberattack-ransom

🧧 US, Estonia to send confiscated Russian funds to Ukraine. Are ransomware proceeds next? https://therecord.media/us-estonia-sending-confiscated-russian-funds

⚡ Espressif ESP32: Breaking HW AES with Electromagnetic Analysis Glitching your thing https://raelize.com/blog/espressif-systems-esp32-breaking-hw-aes-with-electromagnetic-analysis/


CISA Advisory Corner Microsoft – Actively Exploited! Ⓜ Microsoft Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/microsoft-releases-security-updates-multiple-products Adobe 🅰 Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/02/13/adobe-releases-security-updates-multiple-products BIND 9 🅱 ISC Releases Security Advisories for BIND 9 https://www.cisa.gov/news-events/alerts/2024/02/13/isc-releases-security-advisories-bind-9 🏭 CISA Releases Seventeen Industrial Control Systems Advisories A lot of Siemens https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-releases-seventeen-industrial-control-systems-advisories 🧱 CISA Adds Two Known Exploited Vulnerabilities to Catalog Cisco ASA and Exchange https://www.cisa.gov/news-events/alerts/2024/02/15/cisa-adds-two-known-exploited-vulnerabilities-catalog


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub