week 08/2024

An attempt at creating a weekly shortlist of cyber security highlights. My intention is to pick news that everyone should know about. It is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might be in German.

For All

🕵️‍♀️ Brussels spyware bombshell: Surveillance software found on officials’ phones https://www.politico.eu/article/parliament-defense-subcommittee-phones-checked-for-spyware/

🚔 Police arrests LockBit ransomware members, release decryptor in global crackdown The big one this week. https://securityaffairs.com/159360/cyber-crime/operation-cronos-disrupted-lockbit-operation.html https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/ 🚓 More details about Operation Cronos that disrupted Lockbit operation https://securityaffairs.com/159388/cyber-crime/operation-cronos-against-lockbit.html

🥵 Reddit signs AI training deal with Google – and why OpenAI's Altman could be the winner https://www.theregister.com/2024/02/22/reddit_google_license_ipo_altman/

👾 Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data https://www.theverge.com/2024/2/22/24080135/avast-security-privacy-software-ftc-fine-data-harvesting 💰 Avast shells out $17M to shoo away claims it peddled people's personal data https://www.theregister.com/2024/02/23/avast_ftc_settlement/

🚪 DoorDash coughs up a few bucks after California accuses it of spreading around customer info https://www.theregister.com/2024/02/22/doordash_ccpa_settlement/

📹 Wyze security incident allowed strangers to see into some users’ homes https://therecord.media/wyze-camera-security-incident-allowed-strangers-to-see-into-homes

🧬 Vietnam to collect biometrics – even DNA – for new ID cards https://www.theregister.com/2024/02/20/vietnam_id_cards_dna/

🗨️ Signal will soon let you share a username instead of your phone number Already available as beta tester https://www.theverge.com/2024/2/20/24078395/signal-username-phone-number-beta

⚖️ Europe's data protection laws cut data storage by making information-wrangling pricier https://www.theregister.com/2024/02/21/gdpr_data_processing_costs/

Fun read corner *(at least for me)* 📤 Thanks FedEx, This is Why we Keep Getting Phished Fun read (at least for me) https://www.troyhunt.com/thanks-fedex-this-is-why-we-keep-getting-phished/

👠 The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger – I never thought I was the kind of person to fall for a scam. Long, but amazingly relateable https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html

more, For the Curious

💧 Documents from a Chinese government spyware vendor Anxun leaked to GitHub THE 2nd BIG ONE for this week. “I-S00N” Newsarticles https://www.lawfaremedia.org/article/the-i-soon-data-leak-disruption-disruption-everywhere https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/ https://www.theregister.com/2024/02/22/i_soon_china_infosec_leak/ https://cyberscoop.com/isoon-chinese-apt-contractor-leak/ other sources https://news.ycombinator.com/item?id=39426379 https://github.com/mttaggart/I-S00N/tree/main/0

🐎 Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach/

🔋 VARTA – Statement, VARTA makes good progress in solving the cyberattack https://www.varta-ag.com/en/about-varta/news/details/varta-makes-good-progress-in-solving-the-cyberattack

💨 Dusting Off Old Fingerprints: NSO Group’s Unknown MMS Hack Missed this one last week. https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/

🚢 Biden signs executive order to give Coast Guard added authority over maritime cyber threats https://cyberscoop.com/biden-executive-order-coast-guard-cyber/

💯 How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity https://blog.talosintelligence.com/how-cvss-4-0-changes-vulnerability-severity/

🪤 The scary DNS “KeyTrap” bug explained in plain words Thank you cert.at for this one. I really struggled to find a good description... https://pducklin.com/2024/02/18/the-scary-dns-keytrap-bug-explained-in-plain-words/

🌩 Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers https://www.securityweek.com/researchers-devise-voltschemer-attacks-targeting-wireless-chargers/

⚔ Two days into the Digital Services Act, EU wields it to deepen TikTok probe https://www.theregister.com/2024/02/20/eu_tiktok_investigation/

🪖 Now the ‘most dangerous time I can remember,’ warns British military’s cyber general https://therecord.media/gen-jim-hockenhull-most-dangerous-time-national-security

🍐 Apple created post-quantum cryptographic protocol PQ3 for iMessage https://securityaffairs.com/159543/security/post-quantum-cryptographic-protocol-pq3.html

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub