Infosec bits for 2023 week 49

Sicelo Ncekana | Dec. 6, 2024, 12:56 p.m.

Cybersecurity News:

Hackers abuse popular Godot game engine to infect thousands of PCs [Sergiu Gatlan, Bleeping Computer]

Video: Salt Typhoon Hacks Major Telecom Giants Using Malware [Davin Jackson, eSecurity Planet]

BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data [Eduard Kovacs, Security Week]

Vulnerabilities & Patches:

Critical Windows Zero-Day Vulnerability Lets Attackers Steal Users NTLM Credentials [Balaji N, Cybersecurity News]

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access [Ravie Lakshmanan, Then Hacker News]

Critical Vulnerability Discovered in SailPoint IdentityIQ [Ionut Arghire, Security Week]

Breaches & Leaks:

Deloitte Hacked – Brain Cipher Ransomware Group Allegedly Stolen 1 TB of Data [Balaji N, Cybersecurity News]

Data breach exposes over 56 million clothing store customers [Kurt Knutsson, Fox News]

LifeLabs data breach report released after firm loses 4-year bid to keep it quiet [British Columbia, CBC]

Malware

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan [Ravie Lakshmanan, Then Hacker News]

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play [Ravie Lakshmanan, Then Hacker News]

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems [Bill Toulas, Bleeping Computer]

BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure [Recorded Future, Insikt Group]

Latrodectus malware and how to defend against it with Wazuh [Wazuh, Bleeping Computer]