IT Security Weekend Catch Up – December 30, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Predicting dementia from spontaneous speech using large language models
  2. Deployment dashboards for key Internet standards in the EU
  3. Twitter rival Mastodon rejects funding to preserve nonprofit status
  4. Microsoft fined $64 million in France over advertising cookies
  5. North Korea hacked almost 900 South Korean foreign policy experts, sought ransom
  6. Hackers stole data from multiple electric utilities in recent ransomware attack
  7. Port of Lisbon website still down as LockBit gang claims cyberattack
  8. Personal data from 270,000 patients was leaked in Louisiana hospital cyberattack
  9. Canada’s largest children’s hospital struggles to recover from pre-Christmas ransomware attack
  10. How biometric devices are putting Afghans in danger
  11. Police in China can track protests by enabling ‘alarms’ on Hikvision software
  12. They called 911 for help. Police and prosecutors used a new junk science to decide they were liars

For the more technical

  1. CVE-2022-27510, CVE-2022-27518 – Measuring Citrix ADC & Gateway version adoption on the Internet
  2. ENLBufferPwn (CVE-2022-47949)
  3. Netgear warns users to patch recently fixed WiFi router bug
  4. Malware, ransomware analysis and a lot of fun with reverse engineering
  5. XLLing in Excel – threat actors using malicious add-ins
  6. Password managers by Tavis Ormandy
  7. Turning Google smart speakers into wiretaps for $100k
  8. EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers (PDF)
  9. OpwnAI: AI that can save the day or HACK it away
  10. “MasquerAds” — Google’s Ad-Words massively abused by threat actors, targeting organizations, GPUs and crypto wallets
  11. IcedID botnet distributors abuse Google PPC to distribute malware
  12. New ransomware strains emerging from leaked Conti’s source code
  13. New stealer variants in burgeoning PyPI supply chain attack
  14. New RisePro Stealer distributed by the prominent PrivateLoader
  15. GuLoader dissection reveals new anti-analysis techniques and code injection redundancy
  16. Cybersecurity threatscape: Q3 2022
  17. Hackers steal $8 million from users running trojanized BitKeep apps
  18. The scammers who scam scammers on cybercrime forums: Part 1, Part 2, Part 3, Part 4
  19. Inside Roblox’s criminal underworld, where kids are scamming kids
  20. New Steppy#Kavach attack campaign likely targeting Indian government
  21. BlueNoroff introduces new methods bypassing MoTW
  22. Fin7 Unveiled: A deep dive into notorious cybercrime gang (PDF)
  23. Investigation of North Korean APT’s large-scale phishing attack on NFT users

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *