IT Security Weekend Catch Up – March 18, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Do better coders swear more, or does C just do that to good programmers?
  2. Microsoft lays off an ethical AI team as it doubles down on OpenAI
  3. Microsoft support ‘cracks’ Windows for customer after activation fails
  4. New Wi-Fi 7 cryptomining ‘TP-Link ASIC’ router scam claims to mine faster than RTX 4090
  5. Brazil seizing Flipper Zero shipments to prevent use in crime
  6. One of the darkweb’s largest cryptocurrency laundromats washed out
  7. ‘Nobody is safe’: In wild hacking spree, hackers accessed federal law enforcement database
  8. Dark web ‘BreachForums’ operator charged with computer crime
  9. This is the new leader of Russia’s infamous Sandworm hacking unit
  10. Estonian official says parliamentary elections were targeted by cyberattacks
  11. CISA now warns critical infrastructure of ransomware-vulnerable devices
  12. AT&T alerts 9 million customers of data breach after vendor hack
  13. LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier
  14. Royal Mail schools LockBit in leaked negotiation
  15. Wave of stealthy China cyberattacks hits U.S., private networks, Google says
  16. STALKER 2 hacker demands Ukrainian game developer reinstates Russian language support, or else…

For the more technical

  1. Register(ing) activity related to documents
  2. Kali Linux 2023.1 Release (Kali Purple & Python Changes)
  3. Exploiting CVE-2023-23397: Microsoft Outlook elevation of privilege vulnerability
  4. A look at CVE-2023-23415 — a Windows ICMP vulnerability + mitigations (which is not a cyber meltdown)
  5. Microsoft March 2023 Patch Tuesday
  6. Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
  7. Analysis of FG-IR-22-369
  8. Vulnerabilities in the TPM 2.0 reference implementation code
  9. Multiple Internet to baseband remote code execution vulnerabilities in Exynos modems
  10. Indirect prompt injection threats
  11. Threat actors abuse AI-generated YouTube videos to spread stealer malware
  12. Deanonymizing OpenSea NFT owners via cross-site search vulnerability
  13. Emotet returns, now adopts binary padding for evasion
  14. Thawing the permafrost of IcedID (PDF)
  15. First-ever Dero cryptojacking campaign targeting Kubernetes
  16. How sophisticated scammers and phishers are preying on customers of Silicon Valley Bank
  17. Business on the dark web: deals and regulatory mechanisms (PDF)
  18. A year of Russian hybrid warfare in Ukraine (PDF)
  19. Winter Vivern: Uncovering a wave of global espionage
  20. Nobelium uses Poland’s ambassador’s visit to the U.S. to target EU governments assisting Ukraine
  21. The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia
  22. Threat actors exploit Progress Telerik vulnerability in U.S. government IIS server

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
