Börzel IT
Updates
- Microsoft pushes OOB security updates for Windows Snipping tool flaw
- Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
- Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software
- Experts published PoC exploit code for Veeam Backup & Replication bug
Incidents
- GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
- OpenAI: ChatGPT payment data leak caused by open-source bug
- City of Toronto confirms data theft, Clop claims responsibility
- Dole Says Employee Information Compromised in Ransomware Attack
- Journalist in Ecuador injured in USB drive explosion
- strongLionsgate streaming platform with 37m subscribers leaks user data/strong
- South Korea fines McDonalds for data leak from raw SMB share
- Activision Got Hacked but Didn't Tell Its Employees: Report
- Cyberattack sees Australian fintech take itself offline
- Ferrari discloses data breach after receiving ransom demand
Threats
- Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog
- Malicious ChatGPT Extensions Add to Google Chrome Woes
- German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics
- Now patched Outlook zero-day gains PoC and growing concerns
- North Korean hackers using Chrome extensions to steal Gmail emails
- Facebook accounts hijacked by new malicious ChatGPT Chrome extension
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- .NET Devs Targeted With Malicious NuGet Packages
- New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict
- Windows 11 Snipping Tool privacy bug exposes cropped image content
- The FBI Warns SIM Swapping Attacks Are Rising. What's That?
- Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer
- Vessels claiming to be Chinese warships are messing with passenger planes
- Google Pixel flaw allowed recovery of redacted, cropped images
Cyber Crime
- Russia’s Rostec allegedly can de-anonymize Telegram users
- New Dark Power ransomware claims 10 victims in its first month
- Chinese Warships Suspected of Signal-Jamming Passenger Jets
- BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum
Malware
- New Android Malware Targets Customers of 450 Financial Institutions Worldwide
- Custom 'Naplistener' Malware a Nightmare for Network-Based Detection
- New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
- New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
Misc.
- Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397
- New CISA tool detects hacking activity in Microsoft cloud services
- Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
- French govt clears AI facial scans for Paris Olympics
- Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
- German parties accused of voter microtargeting on Facebook
- Xi, Putin declare intent to rule the world of AI, infosec
- 7 guidelines for identifying and mitigating AI-enabled phishing campaigns
