IT Security Weekend Catch Up – June 17, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Polish police cracks down on DDoS-for-hire service active since 2013
  2. Romanian operator of bulletproof hosting service sentenced to prison in US
  3. Russian national arrested and charged with conspiring to commit LockBit ransomware attacks against U.S. and foreign businesses
  4. Switzerland warns that a ransomware gang may have accessed government data
  5. Millions of Americans’ personal DMV data exposed in massive MOVEit hack
  6. Rhysida ransomware leaks documents stolen from Chilean Army
  7. Pink Drainer steals $3M from multiple hack events including OpenAI CTO, Orbiter Finance
  8. Widespread brand impersonation scam campaign targeting hundreds of the most popular apparel brands
  9. An anti-porn app put him in jail and his family under surveillance
  10. Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker

For the more technical

  1. Cryptomator – vault in cloud
  2. XORtigate: Pre-authentication Remote Code Execution on Fortigate VPN (CVE-2023-27997)
  3. Barracuda ESG zero-day Vulnerability (CVE-2023-2868) exploited globally by aggressive and skilled actor, suspected links to China
  4. VMware ESXi zero-day used by Chinese espionage actor to perform privileged guest operations on compromised hypervisors
  5. June 2023 Microsoft Patch Tuesday
  6. Vulnerability disclosure for Tutanota
  7. MOVEit discloses third critical vulnerability
  8. UI bug in Visual Studio lets attackers impersonate publishers
  9. Fake security researcher GitHub repositories deliver malicious implant
  10. Drone security and fault injection attacks (PDF)
  11. Strava heatmap feature can be abused to find home addresses
  12. Freaky leaky SMS: Extracting user locations by analyzing SMS timings (PDF)
  13. Unauthenticated IDOR to PII disclosure in WooCommerce Stripe Gateway plugin
  14. Hacking root EPP servers to take control of zones
  15. ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
  16. Uncovering Tor hidden service with Etag
  17. Hardware hacking to bypass BIOS passwords
  18. Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
  19. Shampoo: A new ChromeLoader campaign
  20. Honeypot recon: Global database threat landscape
  21. Cryptocurrency mining pools and money laundering: Two real world examples
  22. Understanding Malware-as-a-Service
  23. Skuld: The infostealer that speaks Golang
  24. Android GravityRAT goes after WhatsApp backups
  25. Analyzing the FUD malware obfuscation engine BatCloak
  26. SeroXen incorporates latest BatCloak engine iteration
  27. Elastic charms SpectralViper
  28. Understanding ransomware threat actors: LockBit
  29. Threat actor targets Russian gaming community with WannaCry-imitator
  30. RomCom resurfaces: Targeting politicians in Ukraine and U.S.-based healthcare providing aid to refugees from Ukraine
  31. Shuckworm: Inside Russia’s relentless cyber campaign against Ukraine
  32. Cadet Blizzard emerges as a novel and distinct Russian threat actor

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
