week 51/2023
🍪🎄 Happy holidays to you all! 🎅🍪
This is simply an attempt at building a weekly shortlist of cyber security highlights. My intention is – kind of – to pick stuff that I think everyone should know about, but there is no actual planning done towards my choices – it is what I think is significant, cool or fun.
Most of the articles are in English, but some current warnings might also be in German.
Update your Browser! 💻 Google addressed a new actively exploited Chrome zero-day https://securityaffairs.com/156231/security/google-addressed-a-new-actively-exploited-chrome-zero-day.html
For Everyone
🤖 Facebook Is Being Overrun With Stolen, AI-Generated Images That People Think Are Real https://www.404media.co/facebook-is-being-overrun-with-stolen-ai-generated-images-that-people-think-are-real/
🧑⚖️ Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay https://therecord.media/lapsus$-hacker-sentencing-uk
❌ EU launches formal probe into potential misconduct by X https://therecord.media/european-commission-x-investigation-illegal-content
🛑 Akute Welle an DDoS Angriffen auf staatsnahe und kritische Infrastruktur in Österreich https://cert.at/de/aktuelles/2023/12/akute-welle-an-ddos-angriffen-auf-staatsnahe-und-kritische-infrastruktur-in-osterreich
🤦 U.S. water utilities were hacked after leaving their default passwords set to ‘1111,’ cybersecurity officials say https://www.databreaches.net/u-s-water-utilities-were-hacked-after-leaving-their-default-passwords-set-to-1111-cybersecurity-officials-say/
📱 Threema published a blog post regarding the topic of “Survailance via push notifications” Comment: This is how such things should always be handled! https://threema.ch/en/blog/posts/push-notifications-and-data-privacy
🗨️ FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware Comment: Ever wanted to know what the FBI advises regarding ransomware? Spoiler: It's kind of what security folks are advising all day. 😏 https://www.cisa.gov/news-events/alerts/2023/12/18/fbi-cisa-and-asds-acsc-release-advisory-play-ransomware
more, For the Curious
🎆 Year in Malware 2023: Recapping the major cybersecurity stories of the past year https://blog.talosintelligence.com/year-in-malware-2023-timeline/
🏥 Health data breaches hit an all-time high in 2023 https://www.databreaches.net/health-data-breaches-hit-an-all-time-high-in-2023/
🏭 Hacktivists boast: We shut down Iran's gas pumps today https://go.theregister.com/feed/www.theregister.com/2023/12/18/hacktivists_shut_down_irans_petrol/
🖥️ New “Terrapin” Attack on the SSH transport protocol with certain OpenSSH extensions, before 9.6 https://terrapin-attack.com/#question-answer https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
🐈⬛ BlackCat Ransomware Raises Ante After FBI Disruption https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/
A peculiar cluster of current phishing warnings this week?
📧 New phishing attack steals your Instagram backup codes to bypass 2FA https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/
📧 Fake F5 BIG-IP zero-day warning emails push data wipers https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
📧 New phishing attack steals your Instagram backup codes to bypass 2FA https://www.bleepingcomputer.com/news/security/new-phishing-attack-steals-your-instagram-backup-codes-to-bypass-2fa/
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.