Updates
- Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs
- Microsoft OneNote will block 120 dangerous file extensions
- QNAP warns customers to patch Linux Sudo flaw in NAS devices
- Apple Issues Urgent Security Update for Older iOS and iPadOS Models
- Exchange Online to block emails from vulnerable on-prem servers
Threats
- 3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!
- 3CX Supply Chain Attack — Here's What We Know So Far
- More evidence links 3CX supply-chain attack to North Korean hacking group
- Hackers compromise 3CX desktop app in a supply chain attack
- Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
- Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE
- Google finds more Android, iOS zero-days used to install spyware
- Ransomware crooks are exploiting IBM file-exchange bug with a 9.8 severity
- Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
- Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds
- WiFi protocol flaw allows attackers to hijack network traffic
- Malicious Python Package uses Unicode support to evade detection
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
Incidents
- HIV patients in Scotland CC'd on email in NHS blunder
- LockBit leaks data stolen from the South Korean National Tax Service
- Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
- Telecom giant Lumen suffered a ransomware attack and disclosed a second incident
- Toyota Italy accidentally leaked sensitive data
- Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare
- New York law firm coughs up $200k after hospital data stolen
Cyber Crime
- Fake ransomware gang targets U.S. orgs with empty data leak threats
- Bitter APT group targets China’s nuclear energy sector
- Russian APT group Winter Vivern targets email portals of NATO and diplomats
- Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
- Illicit Weapons and Cannabis Reseller Imprisoned | Darknetlive
- German Police Raid DDoS-Friendly Host ‘FlyHosting’
- Polish Man Sentenced for Distributing Drugs on the Dark Web | Darknetlive
- Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M
- Ukrainian cyberpolice busts fraud gang that stole $4.3 million
- 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison
Malware
- New AlienFox toolkit harvests credentials for tens of cloud services
- AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
- Clipper attacks use Trojanized TOR Browser installers
- Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
- New MacStealer macOS malware steals passwords from iCloud Keychain
- New IcedID variants shift from bank fraud to malware delivery
Misc.
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics
- Microsoft Security Copilot Uses GPT-4 to Beef Up Security Incident Response
- Experts call for pause on AI training citing risks to humanity
- Microsoft Defender mistakenly tagging URLs as malicious
- Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders
- President Biden Signs Executive Order Restricting Use of Commercial Spyware