IT Security Weekend Catch Up – September 24, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Visiting the National Museum of Cryptology at the NSA
  2. Inside ShadowDragon, the tool that lets ICE monitor pregnancy tracking sites and Fortnite players
  3. Xi Jinping’s security obsession turns ordinary citizens into spy hunters
  4. Attorney General Bonta announces $93 million settlement regarding Google’s location-privacy practices
  5. International operation closes down Piilopuoti dark web marketplace

For the more technical

  1. Analyzing a modern in-the-wild Android exploit
  2. CVE-2023-4863: Heap buffer overflow in Google libwebp (WebP)
  3. Signal adds quantum-resistant encryption to its E2EE messaging protocol
  4. GitLab critical security release: 16.3.4 and 16.2.7
  5. CVE-2023-36844 and friends: RCE in Juniper devices
  6. Commonalities in vehicle vulnerabilities (PDF)
  7. 38TB of data accidentally exposed by Microsoft AI researchers
  8. “MrTonyScam” — Botnet of Facebook users launch high-intent Messenger phishing attack on business accounts
  9. New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel implants
  10. Ahmed Eltantawy targeted with Predator spyware after announcing presidential ambitions
  11. Fake CVE-2023-40477 proof of concept leads to VenomRAT
  12. Overview of IoT threats in 2023
  13. Behind the scenes of BBTok: Analyzing a banker’s server side components
  14. Snatch ransomware – what you need to know
  15. Earth Lusca employs new Linux backdoor, uses Cobalt Strike for lateral movement
  16. Transparent Tribe’s CapraRAT mimics YouTube to hijack Android phones
  17. UNC3944 leverages SMS phishing campaigns for SIM swapping, ransomware, extortion, and notoriety
  18. Sandman APT – A mystery group targeting telcos with a LuaJIT toolkit
  19. How the Lazarus Group is stepping up crypto hacks and changing its tactics
  20. Operation Rusty Flag – A malicious campaign against Azerbaijanian targets
  21. Cado Security Labs researchers witness a 600X increase in P2Pinfect traffic

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
