IT Security Weekend Catch Up – April 1, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Whistleblowers take note: Don’t trust cropping tools
  2. The DEA bought customer data from rogue employees instead of getting a warrant
  3. Clearview AI used nearly 1m times by US police, it tells the BBC
  4. Biden executive order bans federal agencies from using commercial spyware
  5. NCA infiltrates cyber crime market with disguised DDoS sites
  6. ‘This is like a movie’: Ukraine’s secret plan to convince 3 Russian pilots to defect with their planes
  7. Telegram, the free zone for disinformation and conspiracies
  8. A scammer who tricks Instagram into banning influencers has never been identified. We may have found him
  9. The dirty secrets of a smear campaign
  10. Florida city water cyber incident allegedly caused by employee error

For the more technical

  1. About the security content of iOS 16.4 and iOS 15.7.4
  2. Guidance for investigating attacks using CVE-2023-23397
  3. Spyware vendors use 0-days and n-days against popular platforms
  4. Amnesty International uncovers new hacking campaign linked to mercenary spyware company
  5. BingBang: AAD misconfiguration led to results manipulation and account takeover
  6. InjectGPT: the most polite exploit ever
  7. Building a DOS ChatGPT client in 2023
  8. Remote code execution vulnerability in Azure Pipelines can lead to software supply chain attack
  9. Active intrusion campaign targeting 3CXDesktopApp customers
  10. SmoothOperator: Ongoing campaign trojanizes 3CXDesktopApp in supply chain attack
  11. How scammers employ IPFS for email phishing
  12. Framing frames: Bypassing Wi-Fi encryption by manipulating transmit queues (PDF)
  13. Malicious actors use Unicode support in Python to evade detection
  14. Clipboard-injecting malware disguises itself as Tor browser, steals cryptocurrency
  15. MacStealer: New macOS-based stealer malware identified
  16. Moobot strikes again – Targeting Cacti and RealTek vulnerabilities
  17. Fork in the ice: The new era of IcedID
  18. Shining light on Dark Power: Yet another ransomware gang
  19. Mélofée: a new alien malware in the Panda’s toolset targeting Linux hosts
  20. Winter Vivern uses known Zimbra vulnerability to target webmail portals of NATO-aligned governments in Europe
  21. Dissecting AlienFox: The cloud spammer’s Swiss army knife
  22. With KeyPlug, China’s RedGolf spies on, steals from wide field of targets (PDF)
  23. APT43: North Korean group uses cybercrime to fund espionage operations (PDF)
  24. Contracts identify cyber operations projects from Russian company NTC Vulkan
  25. A look inside Putin’s secret plans for cyber-warfare
  26. ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *