IT Security Weekend Catch Up – December 10, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [AUDIO] Algorithms of Trauma 2. How Facebook feeds on your fears
  2. Anxious about your health? Facebook won’t let you forget
  3. Reuters takes down blockbuster hacker-for-hire investigation after Indian court order
  4. Leader of Russian hacktivist group Killnet ‘retires,’ appoints new head
  5. Founder and majority owner of cryptocurrency exchange pleads guilty to unlicensed money transmitting
  6. Tipalti investigates claims of data stolen in ransomware attack
  7. 23andMe confirms hackers stole ancestry data on 6.9 million users
  8. Apple admits to secretly giving governments push notification data
  9. Meta’s new AI image generator was trained on 1.1 billion Instagram and Facebook photos
  10. Meta Facebook Messenger is now rolling out end-to-end encryption by default

For the more technical

  1. Dieselgate, but for trains – some heavyweight hardware hacking
  2. Detecting malicious activity against Microsoft Exchange servers
  3. Guidance for investigating attacks using CVE-2023-23397
  4. Android Security Bulletin – December 2023
  5. Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS
  6. AutoSpill attack steals credentials from Android password managers
  7. Atlassian patches critical RCE flaws across multiple products
  8. Threat actors exploit Adobe ColdFusion CVE-2023-26360 for initial access to government servers
  9. Researchers discover dozens of new bugs affecting Sierra Wireless routers
  10. SLAM: Spectre based on linear address masking
  11. Leaky address masking: Exploiting unmasked Spectre gadgets with noncanonical address translation (PDF)
  12. New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips (PDF)
  13. Critical POP chain allowing remote code execution patched in WordPress 6.4.2
  14. By the same token: How adversaries infiltrate AWS cloud accounts
  15. Kali Linux 2023.4 released with GNOME 45 and 15 new tools
  16. Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
  17. BlueNoroff: new Trojan attacking macOS users
  18. Unmasking the enigma: A historical dive into the world of PlugX malware
  19. P2Pinfect – new variant targets MIPS devices
  20. MrAnon stealer spreads via email with fake hotel booking PDF
  21. Linux version of Qilin ransomware focuses on VMware ESXi
  22. Cisco Talos 2023 Year in Review
  23. Scanning danger: Unmasking the threats of quishing
  24. AeroBlade on the hunt targeting the U.S. aerospace industry

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *