IT Security Weekend Catch Up – October 6, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Tales from the Crypto: How the Baltic states became the hub of money laundering and fraud
  2. UK passport images database could be used to catch shoplifters
  3. Amazon made $1B with secret algorithm for spiking prices Internet-wide
  4. Sony confirms data breach impacting thousands in the U.S.
  5. Group attacking Apple encryption linked to dark-money network
  6. Red Cross lays down hacktivism law as Ukraine war rages on
  7. People exploited YouTube bug to upload “undeletable” porn videos
  8. A closer look at the Snatch data ransom group
  9. Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts
  10. The SiegedSec crew claimed it broke into six NATO web portals

For the more technical

  1. CVE-2023-4911: Looney Tunables – local privilege escalation in the glibc’s ld.so
  2. Microsoft’s response to open-source vulnerabilities – CVE-2023-4863 and CVE-2023-5217
  3. Cisco Emergency Responder static credentials vulnerability
  4. Behind the screens: An overview of hidden attack surfaces in powerful BMC chip infrastructure
  5. ShellTorch: Multiple critical vulnerabilities in PyTorch model server (TorchServe) threatens countless AI users
  6. NSA and CISA advise on top ten cybersecurity misconfigurations
  7. Cloudflare DDoS protections ironically bypassed using Cloudflare
  8. Thousands of GitHub comments leak live API keys
  9. Exposing infection techniques across supply chains and codebases
  10. Analyzing Lu0Bot: A Node.js malware with near-unlimited capabilities
  11. BunnyLoader, the newest malware-as-a-service
  12. Let’s dig deeper: dissecting the new Android trojan GoldDigger
  13. LightSpy mAPT mobile payment system attack
  14. Typosquatting campaign delivers r77 rootkit via npm
  15. Malicious packages hidden in npm
  16. Introducing the REF5961 intrusion set
  17. Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
  18. Operation Jacana: Foundling hobbits in Guyana
  19. Chinese state-sponsored cyber espionage activity targeting semiconductor industry in East Asia
  20. Active Lycantrox infrastructure illumination

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *