week 50/2023

This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.


Update your phones! 📱 Apple iOS Zero Days https://support.apple.com/en-us/HT214039

Update your computers! 💻 Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html

For Everyone

🚆 Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them. If you have not read about that story, here is a current article: https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/

💰 Willhaben: Don't let yourself be lured onto WhatsApp and co.! https://www.watchlist-internet.at/news/willhaben-lassen-sie-sich-nicht-auf-whatsapp-und-co-locken/

📱 How worried should we be about the “AutoSpill” credential leak in Android password managers? https://arstechnica.com/?p=1990601

💬 Meta brings end-to-end encryption to Messenger. Sometimes there is good news too! https://arstechnica.com/tech-policy/2023/12/meta-defies-fbi-opposition-to-encryption-brings-e2ee-to-facebook-messenger/

🎮 Counter-Strike 2 HTML injection bug exposes players’ IP addresses https://www.bleepingcomputer.com/news/security/counter-strike-2-html-injection-bug-exposes-players-ip-addresses/

📱 Apple fixed the iPhone’s Flipper Zero problem https://www.theverge.com/2023/12/15/24003406/apple-iphone-flipper-zero-fix-ios-17-2


More, for the Curious

📞 Major Cyber Attack Paralyzes Kyivstar – Ukraine's Largest Telecom Operator https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html

💧 Two-day water outage in remote Irish region caused by pro-Iran hackers https://therecord.media/water-outage-in-ireland-county-mayo

🧓📰 Lazarus Group Using Log4j Exploits. Remember Log4j? Still a valuable target. https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html

💽 MongoDB investigates a cyberattack, customer data exposed https://securityaffairs.com/156008/hacking/mongodb-investigate-cyberattack.html

🔐 PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/

🚨 Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks https://securityaffairs.com/155746/security/sophos-backports-cve-2022-3236-patch.html

🔥 New Security Vulnerabilities Uncovered in pfSense Firewall Software https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions in these articles are not my own. No guarantee of correctness or completeness in any way.