IT Security Weekend Catch Up – January 12, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Dutch man sabotaged Iranian nuclear program without Dutch government’s knowledge
  2. AirDrop ‘cracked’ by chinese authorities to identify senders
  3. Video piracy visits rose to 141 billion in 2023, report shows
  4. Member of notorious international hacking crew sentenced to prison

For the more technical

  1. Microsoft January 2024 Patch Tuesday
  2. Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
  3. CVE-2023-36025 exploited for defense evasion in Phemedrone stealer campaign
  4. Vulnerabilities on Bosch Rexroth nutrunners may be abused to stop production lines, tamper with safety-critical tightenings
  5. Active exploitation of two zero-day vulnerabilities in Ivanti Connect Secure VPN
  6. Cutting Edge: Suspected APT targets Ivanti Connect Secure VPN in new zero-day exploitation
  7. Cisco Unity Connection unauthenticated arbitrary file upload vulnerability
  8. New RE#TURGENCE attack campaign: Turkish hackers target MSSQL servers to deliver domain-wide MIMIC ransomware
  9. Juniper warns of critical RCE bug in its firewalls and switches
  10. Google: Malware abusing API is standard token theft, not an API issue
  11. Type juggling leads to two vulnerabilities in POST SMTP Mailer WordPress plugin
  12. Thousands of sites with Popup Builder compromised by Balada Injector
  13. Joomla! vulnerability is being actively exploited
  14. New Year with new PE-bear, release 0.6.7 is ready
  15. AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
  16. From gamer to malware developer: Exploring Silver RAT and its Syrian roots
  17. Deceptive cracked software spreads Lumma variant on YouTube
  18. Atomic Stealer rings in the new year with updated version
  19. Black Basta-affiliated Water Curupira’s Pikabot spam campaign
  20. New decryptor for Babuk Tortilla ransomware variant released
  21. Follow-on extortion campaign targeting victims of Akira and Royal ransomware
  22. Exploring FBot: Python-based malware targeting cloud and payment services
  23. Hundreds of thousands of dollars worth of Solana cryptocurrency assets stolen in recent CLINKSINK drainer campaigns
  24. Russian language cybercriminal forums – an excursion into the core of the underground ecosystem
  25. Russian language cybercriminal forums – steep investments and hefty profits
  26. You had me at hi — Mirai-based NoaBot makes an appearance
  27. Turkish espionage campaigns in the Netherlands
  28. “Homeland Justice” targets Albanian organizations with “No-justice” wiper

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *