1395 5E65 0C7A 5CEF 0373 F6E2 8982 15F5 6081 EBEB

Infosec bits for 2024 week 3

Maajied Moos | Jan. 19, 2024, 4:22 p.m.

Cybersecurity news:

  • Hacker spins up 1 million virtual servers to illegally mine crypto [Bill Toulas, Bleeping Computer]
  • 3 Ransomware Group Newcomers to Watch in 2024 [The Hacker News, The Hacker News]
  • The 7 deadly cloud security sins and how SMBs can do things better [Phil Muncaster, WeLiveSecurity]
  • Lock Down the Software Supply Chain With 'Secure by Design' [Nathan Eddy, Dark Reading]
  • Vulnerabilities & Patches:

  • GitLab Releases Updates to Address Critical Vulnerabilities [Dark Reading Staff, Dark Reading]
  • New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise [Ionut Arghire, Security Week]
  • APPLE FIXED A BUG IN MAGIC KEYBOARD THAT ALLOWS TO MONITOR BLUETOOTH TRAFFIC [Pierluigi Paganini, Security Affairs]
  • Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows [Newsroom, The Hacker News]
  • Google fixes first actively exploited Chrome zero-day of 2024 [Sergiu Gatlan, Bleeping Computer]
  • Malware:

  • Financial Fraud APK Campaign [Chao Lei, Lee Wei Yeong, Zhanhao Chen, Yang Ji, Qi Deng, Royce Lu and Daiping Liu, Unit42 Paloalto Networks]
  • New Phishing Scam Hooks META Businesses with Trademark Threats [WAQAS, Hack Read]
  • Hacks & Breaches:

  • Team Liquid’s wiki leak exposes 118K users [Vilius Petkauskas, Cybernews]
  • British cosmetics firm Lush confirms cyberattack [Alexander Martin, The Record]
  • Taiwanese semiconductor company hit by ransomware attack [Daryna Antoniuk, The Record]
  • National Bank of Angola says it mitigated cyberattack [Jonathan Greig, The Record]
  • Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations [Ionut Arghire, Security Week]