IT Security Weekend Catch Up – March 23, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
  2. Microsoft to shut down 50 cloud services for Russian businesses
  3. Flipper Zero makers respond to Canada’s ‘harmful’ ban proposal
  4. AT&T says leaked data of 70 million people is not from its systems
  5. Fujitsu says it discovered malware on ‘multiple work computers’ that may expose customer data
  6. 19 million plaintext passwords exposed by incorrectly configured Firebase instances
  7. International Monetary Fund email accounts hacked in cyberattack
  8. Darknet marketplace Nemesis Market seized by German police
  9. Moldovan national sentenced to federal prison for operating websites involved in the illicit sale of compromised computer credentials

For the more technical

  1. Loop DoS: New Denial-of-Service attack targets application-layer protocols
  2. [VIDEO] CSRF – how to find it in 2024? CSRF bug bounty case study
  3. Google Vulnerability Reward Program: 2023 year in review
  4. Pwn2Own Vancouver 2024 – day one results & day two results
  5. Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
  6. Threat landscape for industrial automation systems. H2 2023
  7. A series of serious security vulnerabilities in dormakaba’s Saflok electronic RFID locks
  8. GoFetch: Breaking constant-time cryptographic implementations using data memory-dependent prefetchers
  9. Apple chip flaw lets hackers steal encryption keys
  10. ShadowSyndicate Group’s possible exploitation of aiohttp vulnerability (CVE-2024-23334)
  11. ArtPrompt: ASCII art-based jailbreak attacks against aligned LLMs (PDF)
  12. VexTrio’s browser fingerprinting
  13. Sign1 malware: Analysis, campaign history & indicators of compromise
  14. TeamCity vulnerability exploits lead to Jasmin ransomware, other malware types
  15. WhiteSnake stealer: Unveiling the latest version – less obfuscated, more dangerous
  16. Inside the rabbit hole: BunnyLoader 3.0 unveiled
  17. LockBit attempts to stay afloat with a new version
  18. New Go loader pushes Rhadamanthys stealer
  19. Rescoms rides waves of AceCryptor spam
  20. AcidPour: New embedded wiper variant of AcidRain appears in Ukraine
  21. New details on TinyTurla’s post-compromise activity reveal full kill chain
  22. SmokeLoader delivery: UAC-0006 attack analysis (PDF)
  23. Initial access brokers exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect
  24. Curious Serpens’ FalseFont backdoor: Technical analysis, detection and prevention
  25. Andariel group exploiting Korean asset management solutions (MeshAgent)
  26. Earth Krahang exploits intergovernmental trust to launch cross-government attacks

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *