Infosec bits for 2024 week 3
Maajied Moos | Jan. 19, 2024, 4:22 p.m.
Cybersecurity news:
Hacker spins up 1 million virtual servers to illegally mine crypto [Bill Toulas, Bleeping Computer]
3 Ransomware Group Newcomers to Watch in 2024 [The Hacker News, The Hacker News]
The 7 deadly cloud security sins and how SMBs can do things better [Phil Muncaster, WeLiveSecurity]
Lock Down the Software Supply Chain With 'Secure by Design' [Nathan Eddy, Dark Reading]
Vulnerabilities & Patches:
GitLab Releases Updates to Address Critical Vulnerabilities [Dark Reading Staff, Dark Reading]
New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise [Ionut Arghire, Security Week]
APPLE FIXED A BUG IN MAGIC KEYBOARD THAT ALLOWS TO MONITOR BLUETOOTH TRAFFIC [Pierluigi Paganini, Security Affairs]
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows [Newsroom, The Hacker News]
Google fixes first actively exploited Chrome zero-day of 2024 [Sergiu Gatlan, Bleeping Computer]
Malware:
Financial Fraud APK Campaign [Chao Lei, Lee Wei Yeong, Zhanhao Chen, Yang Ji, Qi Deng, Royce Lu and Daiping Liu, Unit42 Paloalto Networks]
New Phishing Scam Hooks META Businesses with Trademark Threats [WAQAS, Hack Read]
Hacks & Breaches:
Team Liquid’s wiki leak exposes 118K users [Vilius Petkauskas, Cybernews]
British cosmetics firm Lush confirms cyberattack [Alexander Martin, The Record]
Taiwanese semiconductor company hit by ransomware attack [Daryna Antoniuk, The Record]
National Bank of Angola says it mitigated cyberattack [Jonathan Greig, The Record]
Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations [Ionut Arghire, Security Week]