IT Security Weekend Catch Up – April 19, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Meta’s ad practices ruled illegal under GDPR: Key facts and implications of the decision
  2. Google to crack down on third-party YouTube apps that block ads
  3. Cops can force suspect to unlock phone with thumbprint, US court rules
  4. AFP traps alleged RAT developer
  5. Former security engineer sentenced to three years in prison for hacking two decentralized cryptocurrency exchanges
  6. The fall of LabHost: Law enforcement shuts down phishing service provider
  7. Chinese-owned semiconductor company Nexperia hit by ransomware attack
  8. HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

For the more technical

  1. Palo Alto – putting the protecc in GlobalProtect (CVE-2024-3400)
  2. 22,500 Palo Alto firewalls “possibly vulnerable” to ongoing attacks
  3. PuTTY SSH client flaw allows recovery of cryptographic private keys
  4. [VIDEO] Request smuggling – do more than running tools! HTTP Request smuggling bug bounty case study
  5. Telegram fixes Windows app zero-day used to launch Python scripts
  6. Security advisory YSA-2024-01 YubiKey Manager privilege escalation
  7. Advanced cyber threats impact even the most prepared
  8. Botnets continue exploiting CVE-2023-1389 for wide-scale spread
  9. Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
  10. LastPass users targeted in phishing attacks good enough to trick even the savvy
  11. Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
  12. LLM agents can autonomously exploit one-day vulnerabilities
  13. Not The Hidden Wiki – the repository of links related to cybersecurity
  14. NCSC Cyber Threat Report 2022/2023
  15. Cyberthreats in the transportation industry
  16. SoumniBot: the new Android banker’s unique techniques
  17. Akira ransomware gang made $42 million from 250 attacks since March 2023
  18. ‘Junk gun’ ransomware: Peashooters can still pack a punch
  19. Unpacking the Blackjack group’s Fuxnet malware
  20. Russia-linked backdoor targets Eastern European networks
  21. Unearthing APT44: Russia’s notorious cyber sabotage unit Sandworm (PDF)
  22. Analysis of the APT31 indictment
  23. DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
  24. From social engineering to DMARC abuse: TA427’s art of information gathering
  25. Threat group FIN7 targets the U.S. automotive industry

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *