IT Security Weekend Catch Up – March 25, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Journalists sent exploding flash drives
  2. Ferrari discloses data breach after receiving ransom demand
  3. Tracking the fake GitHub star black market with Dagster, dbt and BigQuery
  4. RAT developer arrested for infecting 10,000 PCs with malware
  5. Breached hacking forum shuts down, fears it’s not ‘safe’ from FBI

For the more technical

  1. Exploiting aCropalypse: Recovering truncated PNGs
  2. Microsoft fixes aCropalypse privacy bug in Windows 11 Snipping Tool
  3. Move, patch, get out the way: 2022 zero-day exploitation continues at an elevated pace
  4. General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen
  5. WooCommerce credit card skimmer reveals tampered plugin
  6. Critical authentication bypass in WooCommerce Payments allows site takeover
  7. Over-the-air: How we remotely compromised the gateway, BCM, and autopilot ECUs of Tesla cars (PDF)
  8. Pwn2Own Vancouver 2023 – Day one results
  9. Pwn2Own Vancouver 2023 – Day two results
  10. Pwn2Own Vancouver 2023 – Day three results
  11. Netgear Orbi router vulnerable to arbitrary command execution
  12. GitHub: We updated our RSA SSH host key
  13. [VIDEO] Linus Tech Tips explains how YouTube channel got hacked for crypto scam streams
  14. [VIDEO] 4Developers 2022: Cloud hacking scenarios
  15. [VIDEO] 4Developers 2022: Proactive API security
  16. March 20 ChatGPT outage: Here’s what happened
  17. “FakeGPT” #2: Open-source turned malicious in another variant of the Facebook account-stealer Chrome extension
  18. Past KyberSwap frontend exploit
  19. Red Canary 2023 Threat Detection Report (PDF)
  20. Adobe Acrobat Sign abused to push Redline info-stealing malware
  21. Attackers are starting to target .NET developers with malicious-code NuGet packages
  22. Nexus: a new Android botnet?
  23. BianLian ransomware gang continues to evolve
  24. LockBit 3.0: Technical details
  25. KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
  26. Uncovering HinataBot: A deep dive into a Go-based threat
  27. Fortinet zero-day and custom malware used by suspected Chinese actor in espionage operation
  28. Operation Tainted Love: Chinese APTs target telcos in new attacks

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *