IT Security Weekend Catch Up – December 17, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Alleged leader of Kelvin Security hacker gang arrested in Spain
  2. Microsoft: Disrupting the gateway services to cybercrime
  3. Spammers use Epic Games website to promote ‘piracy’ scams
  4. Amazon sues REKK fraud gang that stole millions in illicit refunds
  5. Disgruntled cloud engineer sentenced to two years in prison for intentionally damaging his former employer’s computer network

For the more technical

  1. Russian Foreign Intelligence Service cyber actors use JetBrains TeamCity CVE in global targeting (PDF)
  2. Polish hackers repaired trains the manufacturer artificially bricked. Now the train company is threatening them
  3. State of Log4j vulnerabilities: How much did Log4Shell change?
  4. Decoding CVE-2023-50164: Unveiling the Apache Struts file upload exploit
  5. Microsoft Patch Tuesday December 2023
  6. iOS 17.2 update puts an end to Flipper Zero’s iPhone shenanigans
  7. How worried should we be about the “AutoSpill” credential leak in Android password managers?
  8. Avira antivirus causes Windows computers to freeze after boot
  9. Critical unauthenticated remote code execution found in Backup Migration plugin
  10. Fake CVE-2023-45124 phishing scam tricks users into installing backdoor plugin
  11. Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
  12. Analyzing AsyncRAT’s code injection into aspnet_compiler.exe across multiple incident response cases
  13. What organizations need to know about Trigona ransomware
  14. ActiveMQ CVE-2023-46604 exploited by Kinsing
  15. Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
  16. Curse of the Krasue: New Linux remote access trojan targets Thailand
  17. TA4557 targets recruiters directly via email
  18. New underground market comes online just in time for the holidays
  19. Kimsuky targets South Korean research institutes with fake import declaration
  20. Sandman APT: China-based adversaries embrace Lua
  21. Press and pressure: Ransomware gangs and the media

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *