Friday Wrap Up for 1 March 2024
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
π¨ LockBitSupp talks to law enforcement post-ransomware takedown. (2/25/2024, The Hacker News, https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html)
πΆ Florida’s new bill against youth on social media. 2/25/2024, NY Times, https://www.nytimes.com/2024/02/23/business/florida-social-media-youths.html
πΈ Apple’s Vision Pro cost breakdown sparks returns. 2/25/2024, 9to5mac, https://9to5mac.com/2024/02/25/heres-how-much-it-costs-apple-to-make-the-3500-vision-pro/
π Five Eyes detail Russian cyberespionage in clouds. 2/26/2024, CyberScoop, https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/
π§ Massive email spam from SubdoMailing campaign. 2/26/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/subdomailing-campaign-spams-5-million-emails-daily-via-8k-hijacked-domains/
πΊπ¦ UAC-0184 targets in Finland with Remcos RAT. 2/26/2024, Dark Reading, https://www.darkreading.com/cyberattacks-data-breaches/uac-0184-targets-ukrainian-entity-finland-remcos-rat
π NIST updates focus on supply chain risk. 2/26/2024, CyberScoop, https://fedscoop.com/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management/
π€ OpenAI fights NYT copyright claims. 2/27/2024, The Verge, https://www.theverge.com/2024/2/27/24084843/openai-new-york-times-dismiss-copyright-claims-lawsuit
π Hugging Face vulnerability exposes AI models. 2/27/2024, The Hacker News, https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html
πΊ Amazon update disrupts Fire TV apps. 2/27/2024, Slashdot, https://it.slashdot.org/story/24/02/27/1927226/amazon-bricks-long-standing-fire-tv-apps-with-new-update?utm_source=rss1.0mainlinkanon&utm_medium=feed
π» Lazarus exploits Windows zero-day for kernel access. 2/28/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/lazarus-hackers-exploited-windows-zero-day-to-gain-kernel-privileges/
π₯ Ransomware gang hits Change Healthcare for 6TB data. 2/28/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/
π° Google funds AI-generated news articles. 2/28/2024, Google News, https://9to5google.com/2024/02/27/google-ai-generated-articles-news-publishers/
π§ ‘Savvy Seahorse’ hackers use DNS CNAME trick. 2/28/2024, Dark Reading, https://www.darkreading.com/vulnerabilities-threats/savvy-seahorse-hackers-debut-novel-dns-cname-trick
πΊπΈ White House to protect data from foreign transfer. 2/28/2024, SecurityWeek, https://www.securityweek.com/white-house-to-issue-executive-order-on-personal-information-protection/
π΅οΈ Chinese spies target Ivanti VPN with new malware. 2/28/2024, SecurityWeek, https://www.securityweek.com/chinese-cyberspies-use-new-malware-in-ivanti-vpn-attacks/
π 20 million Cutout.Pro user records leaked. Personal info exposed. 2/29/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/20-million-cutoutpro-user-records-leaked-on-data-breach-forum/
π New Silver SAML Attack bypasses Golden SAML defenses. 2/29/2024, The Hacker News, https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html
π‘οΈ Meta fixes critical Facebook account takeover bug. 2/29/2024, SecurityWeek, https://www.securityweek.com/meta-patches-facebook-account-takeover-vulnerability/
π Citrix, Sophos software hit by leap year bugs, causing glitches. 2/29/2024, BleepingComputer, https://www.bleepingcomputer.com/news/software/citrix-sophos-software-impacted-by-2024-leap-year-bugs/
π New Linux Bifrost RAT uses VMware mimic for evasion. 2/29/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/new-bifrost-malware-for-linux-mimics-vmware-domain-for-evasion/
π‘οΈ GitHub enhances public repo security with secret scanning. 2/29/2024, The Hacker News https://thehackernews.com/2024/03/github-rolls-out-default-secret.html
π» Microsoft halts Edge update over ‘Out of Memory’ errors. 3/1/2024, BleepingComputer, https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-edge-update-causing-out-of-memory-crashes/
π CryptoChameleon targets Apple, Okta users with tech support scam. (3/1/2024, Dark Reading) https://www.darkreading.com/application-security/cryptochameleon-attackers-target-apple-okta-users-tech-support-gambit
β οΈ CISA alerts on exploited Microsoft Streaming bug. 3/1/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/cisa-warns-of-microsoft-streaming-bug-exploited-in-malware-attacks/
π₯οΈ New BIFROSE malware variant evades via VMware domain. 3/1/2024, The Hacker News, https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html
and finally in non-cybersecurity and technology news……
πΊ Neuromancer, a classic Sci-Fi, headed to Apple TV+. 2/29/2024, Bleeding Cool News, https://bleedingcool.com/tv/neuromancer-apple-tv-adapting-william-gibsons-classic-sci-fi-novel/
Stay informed and secure in the cybersecurity and technology world. Have a great weekend, and remember to patch and protect your systems!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.