IT Security Weekend Catch Up – February 17, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Estonian intelligence warns about Chinese state-linked TikTok big data collection
  2. Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?
  3. 200,000 Facebook Marketplace user records leaked on hacking forum
  4. ExpressVPN leaked DNS requests due to a bug in split tunneling feature
  5. Warzone RAT infrastructure seized
  6. FBI disrupts Moobot botnet used by Russian military hackers
  7. Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
  8. Father and son who stole wild falcon eggs caught out by DNA testing

For the more technical

  1. Snap Trap: The hidden dangers within Ubuntu’s package suggestion system
  2. SmartScreen vulnerability: CVE-2024-21412 facts and fixes
  3. CVE-2024-21412: Water Hydra targets traders with Microsoft Defender SmartScreen zero-day
  4. Microsoft February 2024 Patch Tuesday
  5. The risks of the MonikerLink bug in Microsoft Outlook and the big picture
  6. Microsoft: New critical Exchange bug exploited as zero-day
  7. Zoom patches critical privilege elevation flaw in Windows apps
  8. The real Shim shady – How CVE-2023-40547 impacts most Linux systems
  9. New vulnerability in QNAP QTS firmware: CVE-2023-50358
  10. CVE-2023-47218: QNAP QTS and QuTS hero unauthenticated command injection
  11. Ivanti Connect Secure: Journey to the core of the DSLog backdoor (PDF)
  12. Patch now! Roundcube mail servers are being actively exploited
  13. SolarWinds fixes critical RCE bugs in access rights audit solution
  14. Ongoing malicious campaign impacting Azure cloud environments
  15. New macOS backdoor written in Rust shows possible link with Windows ransomware group
  16. HijackLoader expands techniques to improve defense evasion
  17. New Qbot malware variant uses fake Adobe installer popup for evasion
  18. The (d)evolution of Pikabot
  19. Diving into Glupteba’s UEFI bootkit
  20. MoqHao evolution: New variants start automatically right after installation
  21. Free Rhysida ransomware decryptor for Windows exploits RNG flaw
  22. Bumblebee buzzes back in black
  23. Meta: Countering the surveillance-for-hire industry & influence operations (PDF)
  24. OpenAI and Microsoft shut down accounts linked to 5 nation-state hacking groups
  25. Russian language cybercriminal forums – analyzing the most active and renowned communities
  26. TinyTurla Next Generation – Turla APT spies on Polish NGOs
  27. China’s cyber revenge: Why the PRC fails to back its claims of western espionage
  28. New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
  29. Tool of first resort: Israel-Hamas war in cyber (PDF)
  30. Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
