IT Security Weekend Catch Up – June 24, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Group-IB discovers 100K+ compromised ChatGPT accounts on dark web marketplaces
  2. Most invasive AI apps
  3. From “heavy purchasers” of pregnancy tests to the depression-prone: We found 650,000 ways advertisers label you
  4. DuckDuckGo Windows browser now available in public beta
  5. Bloodied Macbooks and stacks of cash: Inside the increasingly violent Discord servers where kids flaunt their crimes
  6. Identity of mole who sold Russia secrets from within Australia’s spy agency uncovered
  7. European Investment Bank attacked, hackers claiming to “impose sanctions on EU”
  8. SMS phishers harvested phone numbers, shipment data from UPS tracking tool
  9. Reddit hackers threaten to leak data stolen in February breach
  10. BreachForums seized by FBI three months after arrest of alleged admin
  11. American Airlines, Southwest Airlines disclose data breaches affecting pilots

For the more technical

  1. PoC exploit published for Cisco AnyConnect Secure vulnerability
  2. nOAuth: How Microsoft OAuth misconfiguration can lead to full account takeover
  3. VMware warns of critical vRealize flaw exploited in attacks
  4. Zyxel warns of critical command injection flaw in NAS devices
  5. ASUS urges customers to patch critical router vulnerabilities
  6. GitHub dataset research reveals millions potentially vulnerable to RepoJacking
  7. CISA orders agencies to patch iPhone bugs abused in spyware attacks
  8. Dissecting TriangleDB, a Triangulation spyware implant
  9. Fortinet reverses Flutter-based Android malware “Fluhorse”
  10. NSA releases guide to mitigate BlackLotus threat
  11. Fragments of cross-platform backdoor hint at larger Mac OS attack
  12. Condi DDoS botnet spreads via TP-Link’s CVE-2023-1389
  13. The anatomy of the latest Mirai campaign leveraging multiple IoT exploits
  14. Mystic Stealer: The new kid on the block
  15. Mystic Stealer – Evolving “stealth” malware
  16. LockBit Green and phishing that targets organizations
  17. An overview of the different versions of the Trigona ransomware
  18. RedEyes group wiretapping individuals (APT37)
  19. BlueDelta exploits Ukrainian government roundcube mail servers to support espionage activities
  20. Graphican: Flea uses new backdoor in attacks targeting foreign ministries

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *