IT Security Weekend Catch Up – October 28, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] AI and hacking – opportunities and threats – Joseph “rez0” Thacker
  2. This new data poisoning tool lets artists fight back against generative AI
  3. Who’s behind Israel-Gaza disinformation and hate online?
  4. Are social media giants censoring pro-Palestine voices amid Israel’s war?
  5. Spanish police arrest 34 alleged cybercriminals for scamming operation
  6. Brave appears to install VPN Services without user consent
  7. CCleaner says hackers stole users’ personal data during MOVEit mass-hack
  8. 1Password detects “suspicious activity” in its internal Okta account
  9. QNAP takes down server behind widespread brute-force attacks
  10. They cracked the code to a locked USB drive worth $235 million in Bitcoin. Then it got weird

For the more technical

  1. iLeakage: Browser-based timerless speculative execution attacks on Apple devices
  2. Citrix Bleed: Leaking session tokens with CVE-2023-4966
  3. Putting censorship circumvention to the test: Security audit findings
  4. Pwn2Own Toronto 2023 – day one results
  5. Pwn2Own Toronto 2023 – day two results
  6. Pwn2Own Toronto 2023 – day three results
  7. Pwn2Own Toronto 2023 – day four results
  8. Phishing guidance: Stopping the attack cycle at phase one
  9. Malware stories: Deworming the XWorm
  10. Mystic Stealer revisited
  11. Rhysida ransomware technical analysis
  12. Measuring the potential impact of Pipedream malware OPC UA module, Mousehole
  13. Leveraging a hooking framework to expand malware detection coverage on the Android platform
  14. From Copacabana to Barcelona: The cross-continental threat of Brazilian banking malware
  15. Sophisticated StripedFly spy platform masqueraded for years as crypto miner
  16. How to catch a wild triangle
  17. The outstanding stealth of Operation Triangulation
  18. IPinside: Korea’s mandatory spyware
  19. ENISA Threat Landscape 2023 report
  20. Cloud and threat report: Top adversary tactics and techniques
  21. ESET APT Activity Report Q2–Q3 2023
  22. Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
  23. Technical writeup: Malware campaigns targeting Armenian infrastructure and users
  24. A cascade of compromise: unveiling Lazarus’ new campaign

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *