IT Security Weekend Catch Up – April 29, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. The EDPB data protection guide for small business
  2. The DOJ detected the SolarWinds hack 6 months earlier than first disclosed
  3. Capita admits customer data may have been breached during cyber-attack
  4. Ukrainian arrested for selling data of 300M people to Russians
  5. Cybersecurity company Group-IB says it’s fully exited Russia

For the more technical

  1. Attackers in the bottleneck – lateral movements and threat hunting
  2. New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)
  3. CVE-2023-29552 Service Location Protocol-denial of service amplification attack
  4. TP-Link WAN-side vulnerability CVE-2023-1389 added to the Mirai botnet arsenal
  5. GhostToken – exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
  6. Critical vulnerabilities in PaperCut print management software
  7. Do NOT remove curl.exe from your Windows System32 folder
  8. Multiple security vulnerabilities in VMware Workstation and Fusion
  9. Smartphones with popular Qualcomm chip secretly share private information with US chip-maker
  10. BlackBerry Global Threat Intelligence Report – April 2023 (PDF)
  11. How I (could) have stolen your corporate secrets for $100 (PDF)
  12. Google: How we fought bad apps and bad actors in 2022
  13. HiddenAds spread via Android gaming apps on Google Play
  14. Magecart threat actor rolls out convincing modal forms
  15. First-ever attack leveraging Kubernetes RBAC to backdoor clusters
  16. NSO Group’s Pegasus spyware returns in 2022 with a trio of iOS 15 and iOS 16 zero-click exploit chains
  17. EvilExtractor – all-in-one stealer
  18. Threat actor selling new Atomic macOS (AMOS) Stealer on Telegram
  19. Bumblebee malware distributed via trojanized installer downloads
  20. Rapture, a ransomware family with similarities to Paradise
  21. APT trends report Q1 2023
  22. Hacktivism unveiled, April 2023 insights into the footprints of hacktivists
  23. Nomadic Octopus’ Paperbug campaign (PDF)
  24. Unpacking BellaCiao: A closer look at Iran’s latest malware
  25. Evasive Panda APT group delivers malware via updates for popular Chinese software
  26. FIN7 tradecraft seen in attacks against Veeam backup servers

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *