week 51/2023

🍪🎄 Happy holidays to you all! 🎅🍪


This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning behind my choices – it is what I think is significant, cool or fun.

Most of the articles are in English, but some current warnings might also be in German.


Update your Browser! 💻 Google addressed a new actively exploited Chrome zero-day https://securityaffairs.com/156231/security/google-addressed-a-new-actively-exploited-chrome-zero-day.html

For Everyone

🤖 Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real https://www.404media.co/facebook-is-being-overrun-with-stolen-ai-generated-images-that-people-think-are-real/

🧑‍⚖️ Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay https://therecord.media/lapsus$-hacker-sentencing-uk

❌ EU launches formal probe into potential misconduct by X https://therecord.media/european-commission-x-investigation-illegal-content

🛑 Acute wave of DDoS attacks on state-affiliated and critical infrastructure in Austria https://cert.at/de/aktuelles/2023/12/akute-welle-an-ddos-angriffen-auf-staatsnahe-und-kritische-infrastruktur-in-osterreich

🤦 U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say https://www.databreaches.net/u-s-water-utilities-were-hacked-after-leaving-their-default-passwords-set-to-1111-cybersecurity-officials-say/

📱 Threema published a blog post on surveillance via push notifications. Comment: This is how such things should always be handled! https://threema.ch/en/blog/posts/push-notifications-and-data-privacy

🗨️ FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware. Comment: Ever wanted to know what the FBI advises regarding ransomware? Spoiler: It's kind of what security folks are advising all day. 😏 https://www.cisa.gov/news-events/alerts/2023/12/18/fbi-cisa-and-asds-acsc-release-advisory-play-ransomware


more, For the Curious

🎆 Year in Malware 2023: Recapping the major cybersecurity stories of the past year https://blog.talosintelligence.com/year-in-malware-2023-timeline/

🏥 Health data breaches hit an all-time high in 2023 https://www.databreaches.net/health-data-breaches-hit-an-all-time-high-in-2023/

🏭 Hacktivists boast: We shut down Iran's gas pumps today https://go.theregister.com/feed/www.theregister.com/2023/12/18/hacktivists_shut_down_irans_petrol/

🖥️ New “Terrapin” prefix-truncation attack on the SSH transport protocol (CVE-2023-48795). It affects connections that negotiate ChaCha20-Poly1305 or a CBC cipher combined with an Encrypt-then-MAC MAC; OpenSSH fixed it in 9.6 with a “strict kex” extension, which only helps when both client and server support it. https://terrapin-attack.com/#question-answer https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
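As an added, offline check (example code written for this newsletter, not from the Terrapin researchers or the OpenSSH project): parse the KEXINIT message a peer sends at the start of an SSH connection and report whether it offers the affected modes and the strict-kex countermeasure. The two sample KEXINIT payloads are constructed by hand; on a real host you would feed in the first packet captured after the version banner exchange.

```python
# Added example (not from the Terrapin authors, OpenSSH, or this newsletter):
# parse an SSH_MSG_KEXINIT and report the algorithm choices that matter for
# CVE-2023-48795. The sample KEXINIT payloads below are constructed by hand.
import struct

SSH_MSG_KEXINIT = 20
NAME_LIST_FIELDS = [
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
]


def _read_name_list(buf, off):
    """RFC 4251 name-list: uint32 length, then comma-separated ASCII names."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    return (raw.decode("ascii").split(",") if n else []), off + n


def parse_kexinit(payload):
    """Parse an unencrypted SSH_MSG_KEXINIT payload (RFC 4253 section 7.1)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    off = 1 + 16  # message type byte, then the 16 byte random cookie
    fields = {}
    for name in NAME_LIST_FIELDS:
        fields[name], off = _read_name_list(payload, off)
    fields["first_kex_packet_follows"] = bool(payload[off])
    return fields  # the trailing uint32 is reserved and always zero


def wrap_binary_packet(payload, block_size=8):
    """Frame a payload as an unencrypted SSH binary packet (RFC 4253 section 6)
    with zero padding and no MAC; the inverse of unwrap_binary_packet."""
    padding = block_size - ((5 + len(payload)) % block_size)
    if padding < 4:
        padding += block_size
    return struct.pack(">IB", 1 + len(payload) + padding, padding) + payload + b"\x00" * padding


def unwrap_binary_packet(raw):
    """Strip the binary packet framing from one unencrypted packet."""
    packet_length, padding_length = struct.unpack_from(">IB", raw, 0)
    payload_len = packet_length - padding_length - 1
    if payload_len < 0 or len(raw) < 4 + packet_length:
        raise ValueError("malformed binary packet")
    return raw[5:5 + payload_len]


def terrapin_exposure(kexinit, direction="server_to_client"):
    """Which of this peer's offered modes are Terrapin-affected, and whether it
    offers the strict-kex countermeasure.

    Affected: chacha20-poly1305@openssh.com, and any CBC cipher paired with an
    encrypt-then-MAC MAC (*-etm@openssh.com). The fix is the strict key
    exchange extension (kex-strict-s-v00@openssh.com from servers,
    kex-strict-c-v00@openssh.com from clients); it only protects a connection
    when BOTH peers advertise it in their KEXINIT.
    """
    ciphers = kexinit["encryption_algorithms_" + direction]
    macs = kexinit["mac_algorithms_" + direction]
    affected = [c for c in ciphers if c == "chacha20-poly1305@openssh.com"]
    etm_macs = [m for m in macs if m.endswith("-etm@openssh.com")]
    affected += [c + " with " + m for c in ciphers if c.endswith("-cbc") for m in etm_macs]
    strict = any(k.startswith("kex-strict-") for k in kexinit["kex_algorithms"])
    return {"affected_modes": affected, "strict_kex_offered": strict}


def build_kexinit(lists, cookie=b"\x00" * 16):
    """Constructed helper: serialize a KEXINIT payload from a dict of name-lists."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in NAME_LIST_FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(s)) + s
    return out + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


# Constructed samples: a typical server offer without strict kex ...
_COMMON = {
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_algorithms_client_to_server": ["chacha20-poly1305@openssh.com", "aes256-ctr", "aes128-cbc"],
    "encryption_algorithms_server_to_client": ["chacha20-poly1305@openssh.com", "aes256-ctr", "aes128-cbc"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
UNPATCHED_SERVER_KEXINIT = build_kexinit(
    {**_COMMON, "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"]})
# ... and the same server after the fix, additionally advertising strict kex.
PATCHED_SERVER_KEXINIT = build_kexinit(
    {**_COMMON, "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256",
                                   "kex-strict-s-v00@openssh.com"]})

if __name__ == "__main__":
    for label, payload in (("unpatched", UNPATCHED_SERVER_KEXINIT), ("patched", PATCHED_SERVER_KEXINIT)):
        print(label, terrapin_exposure(parse_kexinit(unwrap_binary_packet(wrap_binary_packet(payload)))))
```

Note that the patched sample still lists the affected cipher and MAC combinations: the fix does not remove them, it adds the strict-kex marker, so a report of affected modes without strict kex on either side is what you are looking for. Disabling chacha20-poly1305@openssh.com and the *-etm@openssh.com MACs on the server is the alternative when one side cannot be updated.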

🐈‍⬛ BlackCat Ransomware Raises Ante After FBI Disruption https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/


A peculiar cluster of current phishing warnings this week?

📧 New phishing attack steals your Instagram backup codes to bypass 2FA https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/

📧 Fake F5 BIG-IP zero-day warning emails push data wipers https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
