Infosec bits for 2024 week 3

Maajied Moos | Jan. 19, 2024, 4:22 p.m.

Cybersecurity news:

Hacker spins up 1 million virtual servers to illegally mine crypto [Bill Toulas, Bleeping Computer]

3 Ransomware Group Newcomers to Watch in 2024 [The Hacker News, The Hacker News]

The 7 deadly cloud security sins and how SMBs can do things better [Phil Muncaster, WeLiveSecurity]

Lock Down the Software Supply Chain With 'Secure by Design' [Nathan Eddy, Dark Reading]

Vulnerabilities & Patches:

GitLab Releases Updates to Address Critical Vulnerabilities [Dark Reading Staff, Dark Reading]

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise [Ionut Arghire, Security Week]

APPLE FIXED A BUG IN MAGIC KEYBOARD THAT ALLOWS TO MONITOR BLUETOOTH TRAFFIC [Pierluigi Paganini, Security Affairs]

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows [Newsroom, The Hacker News]

Google fixes first actively exploited Chrome zero-day of 2024 [Sergiu Gatlan, Bleeping Computer]

Malware:

Financial Fraud APK Campaign [Chao Lei, Lee Wei Yeong, Zhanhao Chen, Yang Ji, Qi Deng, Royce Lu and Daiping Liu, Unit42 Paloalto Networks]

New Phishing Scam Hooks META Businesses with Trademark Threats [WAQAS, Hack Read]

Hacks & Breaches:

Team Liquid’s wiki leak exposes 118K users [Vilius Petkauskas, Cybernews]

British cosmetics firm Lush confirms cyberattack [Alexander Martin, The Record]

Taiwanese semiconductor company hit by ransomware attack [Daryna Antoniuk, The Record]

National Bank of Angola says it mitigated cyberattack [Jonathan Greig, The Record]

Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations [Ionut Arghire, Security Week]