IT Security Weekend Catch Up – January 22, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. FAA meltdown injected uncertainty, including for military pilots
  2. PayPal accounts breached in large-scale credential stuffing attack
  3. NortonLifeLock warns that hackers breached Password Manager accounts
  4. Mailchimp says it was hacked — again
  5. Founder and majority owner of cryptocurrency exchange charged with processing over $700 million of illicit funds
  6. It looked like a nice family home. Cops suspect it was a secret drone airport for MDMA dropoffs
  7. Industrial espionage: How China sneaks out America’s technology secrets
  8. The FBI won’t say whether it hacked dark web ISIS site
  9. College kid swarmed by cops with tasers after falling for pizza scam on Twitter
  10. Hacker Guccifer launched Clinton email scandal out of prison

For the more technical

  1. MSI accidentally breaks Secure Boot for hundreds of motherboards
  2. ManageEngine CVE-2022-47966 technical deep dive + PoC
  3. Oracle Critical Patch Update Advisory – January 2023
  4. Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
  5. Netcomm – Unauthenticated Remote Code Execution
  6. Assessing potential exploitation of Sophos Firewall and CVE-2022-3236
  7. CVE-2022-3236: Sophos Firewall User Portal and Web Admin code injection
  8. Suspected Chinese threat actors exploiting FortiOS vulnerability (CVE-2022-42475)
  9. AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
  10. Vendors defeat Magento security patch (+ simple check)
  11. Scattered Spider exploits Windows security deficiencies with bring-your-own-vulnerable-driver tactic in attempt to bypass endpoint security
  12. Illegal Solaris darknet market hijacked by competitor Kraken
  13. Solaris – Russian drug platform exposed
  14. Talos Year in Review 2022
  15. Abusing a GitHub Codespaces feature for malware delivery
  16. Hook: a new Ermac fork with RAT capabilities
  17. Ransomware Diaries: Volume 1
  18. Batloader malware abuses legitimate tools, uses obfuscated JavaScript files in Q4 2022 attacks
  19. Heads up! Xdr33, A variant of CIA’s HIVE attack kit emerges
  20. Uncovering Iran’s mobile legal intercept system

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
