IT Security Weekend Catch Up – October 21, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] Hack.lu 2023: Introduction to cyberwarfare: Theory and practice – Lukasz Olejnik
  2. Ragnar Locker ransomware’s dark web extortion sites seized by police
  3. Moldovan charged, arrested, and extradited for administration of site involved in the illicit sale of compromised computer credentials
  4. U.S. DoJ cracks down on North Korean IT scammers defrauding global businesses
  5. Apple’s compliance with China app rules plugs censorship loophole, creates new obstacles for developers
  6. Fraudsters target Booking.com customers claiming hotel stay could be cancelled
  7. 530K people’s info feared stolen from cloud PC gaming biz Shadow
  8. Casio discloses data breach impacting customers in 149 countries
  9. Hacker leaks millions more 23andMe user records on cybercrime forum
  10. IT admins are just as culpable for weak password use
  11. Hackers stole access tokens from Okta’s support unit
  12. How Cloudflare mitigated yet another Okta compromise

For the more technical

  1. Signal says there is no evidence rumored zero-day bug is real
  2. CVE-2023-26369: Adobe Acrobat PDF Reader RCE when processing TTF fonts
  3. Active exploitation of Cisco IOS XE software web management user interface vulnerability
  4. Widespread Cisco IOS XE implants in the wild + Cisco IOS XE implant scanner
  5. Looking for CVE-2023-43261 in the real world
  6. Updated MATA attacks industrial companies in Eastern Europe
  7. 55 vulnerabilities in Squid Caching Proxy and 35 0days
  8. Government-backed actors exploiting WinRAR vulnerability
  9. Google-hosted malvertising leads to fake Keepass site that looks genuine
  10. No one is Prefect – is your MLOps infrastructure leaking secrets?
  11. Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service
  12. Critical unauthenticated arbitrary file upload vulnerability in Royal Elementor Addons and Templates being actively exploited
  13. Void Rabisu targets female political leaders with new slimmed-down Romcom variant
  14. US cybersecurity agencies have published an update on their StopRansomware guide (PDF)
  15. In-depth analysis of a worldwide Linux XorDDoS campaign
  16. Take a note of SpyNote
  17. Lumma Stealer distributed via Discord CDN
  18. DarkGate opens organizations for attack via Skype, Teams
  19. APT trends report Q3 2023
  20. “EtherHiding” — Hiding Web2 malicious code in Web3 smart contracts

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *