IT Security Weekend Catch Up – January 26, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] iPhone thief explains how he breaks into your phone
  2. [VIDEO] New Apple update includes ‘Stolen Device Protection’
  3. Stop using Opera Browser and Opera GX
  4. OpenAI ChatGPT Free & Plus privacy policies explained
  5. Founder of Neo-Nazi group the Base instructs followers to use ‘uncensored’ AI
  6. Trello API abused to link email addresses to 15 million accounts
  7. Fujitsu bugs that sent innocent people to prison were known “from the start”
  8. French regulator fines Amazon $35M over its surveillance system of warehouse workers
  9. France: CNIL fines Yahoo €10M for unlawful use of cookies
  10. Russian national sentenced for involvement in development and deployment of Trickbot malware
  11. Investigating worldwide SMS scams, and tens of millions of dollars in fraud

For the more technical

  1. The Artemis security scanner
  2. Stealing your email with a .txt file
  3. Microsoft actions following attack by nation state actor Midnight Blizzard
  4. Midnight Blizzard: Guidance for responders on nation-state attack
  5. HPE: Russian hackers breached its security team’s email accounts
  6. Chinese espionage group UNC3886 found exploiting CVE-2023-34048 since late 2021
  7. Over a million sites at risk: Hackers are exploiting CVE-2023-6933 flaw in WordPress plugin
  8. [VIDEO] How to hack WordPress?
  9. Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining
  10. CVE-2024-0204: Fortra GoAnywhere MFT authentication bypass deep-dive
  11. Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
  12. Cisco warns of critical RCE flaw in communications software
  13. Another Phobos ransomware variant launches attack – FAUST
  14. NSPX30: A sophisticated AitM-enabled implant evolving since 2005
  15. ScarCruft: Attackers gather strategic intelligence and target cybersecurity professionals
  16. Kasseika ransomware deploys BYOVD attacks, abuses PsExec and exploits Martini driver
  17. Cybercrime central: VexTrio operates massive criminal affiliate program
  18. Location tracking on the battlefield (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *