IT Security Weekend Catch Up – October 13, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] How criminals use cryptocurrencies to hide their transactions and how the police and OSINTers are catching up with them
  2. New millionaires, new music: How cybercrime was codified into Afrobeats
  3. An introduction to threat modelling
  4. How generative AI is boosting the spread of disinformation and propaganda
  5. Norway wants Facebook behavioral advertising banned across Europe
  6. Undermining democracy: The European Commission’s controversial push for digital surveillance
  7. Hackers steal user database from European telecommunications standards body
  8. 23andMe says private user data is up for sale after being scraped
  9. Air Europa data breach: Customers warned to cancel credit cards

For the more technical

  1. October 2023 Microsoft Patch Tuesday summary
  2. Best practices for securing Node.js applications in production
  3. CVE-2023-22515: Zero-day privilege escalation in Confluence Server and Data Center
  4. Global NetScaler Gateway credential harvesting campaign
  5. The art of concealment: A new Magecart campaign that’s abusing 404 pages
  6. Balada Injector targets unpatched tagDiv plugin, newspaper theme & WordPress admins
  7. How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack
  8. Google mitigated the largest DDoS attack to date, peaking above 398 million rps
  9. HTTP/2 Rapid Reset: deconstructing the record-breaking attack
  10. How AWS protects customers from DDoS events
  11. IZ1H9 campaign enhances its arsenal with scores of exploits
  12. ShellBot DDoS malware installed through hexadecimal notation addresses
  13. Trojans all the way down: Badbox and Peachpit (PDF)
  14. HelloKitty ransomware source code leaked on hacking forum
  15. SeroXen RAT in typosquatted NuGet package
  16. Predator Files: Technical deep-dive into Intellexa Alliance’s surveillance products
  17. Stayin’ Alive – targeted attacks against telecoms and government ministries in Asia
  18. ToddyCat: Keep calm and check logs
  19. Sticky Werewolf attacks public organizations in Russia and Belarus
  20. Webwyrm: A vast network of deception by impersonating thousands of brands (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *