Jorge Laurel
Friday Wrap Up

Friday Wrap Up for 1 March 2024

Jorge Laurel Β· Β·3 min read Β·Issue #8

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

🚨 LockBitSupp talks to law enforcement post-ransomware takedown. (2/25/2024, The Hacker News, https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html)

πŸ‘Ά Florida’s new bill against youth on social media. 2/25/2024, NY Times, https://www.nytimes.com/2024/02/23/business/florida-social-media-youths.html

πŸ’Έ Apple’s Vision Pro cost breakdown sparks returns. 2/25/2024, 9to5mac, https://9to5mac.com/2024/02/25/heres-how-much-it-costs-apple-to-make-the-3500-vision-pro/

🌍 Five Eyes detail Russian cyberespionage in clouds. 2/26/2024, CyberScoop, https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/

πŸ“§ Massive email spam from SubdoMailing campaign. 2/26/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/subdomailing-campaign-spams-5-million-emails-daily-via-8k-hijacked-domains/

πŸ‡ΊπŸ‡¦ UAC-0184 targets in Finland with Remcos RAT. 2/26/2024, Dark Reading, https://www.darkreading.com/cyberattacks-data-breaches/uac-0184-targets-ukrainian-entity-finland-remcos-rat

πŸ”— NIST updates focus on supply chain risk. 2/26/2024, CyberScoop, https://fedscoop.com/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management/

πŸ€– OpenAI fights NYT copyright claims. 2/27/2024, The Verge, https://www.theverge.com/2024/2/27/24084843/openai-new-york-times-dismiss-copyright-claims-lawsuit

πŸ”“ Hugging Face vulnerability exposes AI models. 2/27/2024, The Hacker News, https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html

πŸ“Ί Amazon update disrupts Fire TV apps. 2/27/2024, Slashdot, https://it.slashdot.org/story/24/02/27/1927226/amazon-bricks-long-standing-fire-tv-apps-with-new-update?utm_source=rss1.0mainlinkanon&utm_medium=feed

πŸ’» Lazarus exploits Windows zero-day for kernel access. 2/28/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/lazarus-hackers-exploited-windows-zero-day-to-gain-kernel-privileges/

πŸ₯ Ransomware gang hits Change Healthcare for 6TB data. 2/28/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/

πŸ“° Google funds AI-generated news articles. 2/28/2024, Google News, https://9to5google.com/2024/02/27/google-ai-generated-articles-news-publishers/

πŸ”§ ‘Savvy Seahorse’ hackers use DNS CNAME trick. 2/28/2024, Dark Reading, https://www.darkreading.com/vulnerabilities-threats/savvy-seahorse-hackers-debut-novel-dns-cname-trick

πŸ‡ΊπŸ‡Έ White House to protect data from foreign transfer. 2/28/2024, SecurityWeek, https://www.securityweek.com/white-house-to-issue-executive-order-on-personal-information-protection/

πŸ•΅οΈ Chinese spies target Ivanti VPN with new malware. 2/28/2024, SecurityWeek, https://www.securityweek.com/chinese-cyberspies-use-new-malware-in-ivanti-vpn-attacks/

πŸ”’ 20 million Cutout.Pro user records leaked. Personal info exposed. 2/29/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/20-million-cutoutpro-user-records-leaked-on-data-breach-forum/

πŸ”‘ New Silver SAML Attack bypasses Golden SAML defenses. 2/29/2024, The Hacker News, https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html

πŸ›‘οΈ Meta fixes critical Facebook account takeover bug. 2/29/2024, SecurityWeek, https://www.securityweek.com/meta-patches-facebook-account-takeover-vulnerability/

πŸ› Citrix, Sophos software hit by leap year bugs, causing glitches. 2/29/2024, BleepingComputer, https://www.bleepingcomputer.com/news/software/citrix-sophos-software-impacted-by-2024-leap-year-bugs/

πŸ”’ New Linux Bifrost RAT uses VMware mimic for evasion. 2/29/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/new-bifrost-malware-for-linux-mimics-vmware-domain-for-evasion/

πŸ›‘οΈ GitHub enhances public repo security with secret scanning. 2/29/2024, The Hacker News https://thehackernews.com/2024/03/github-rolls-out-default-secret.html

πŸ’» Microsoft halts Edge update over ‘Out of Memory’ errors. 3/1/2024, BleepingComputer, https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-edge-update-causing-out-of-memory-crashes/

🎭 CryptoChameleon targets Apple, Okta users with tech support scam. (3/1/2024, Dark Reading) https://www.darkreading.com/application-security/cryptochameleon-attackers-target-apple-okta-users-tech-support-gambit

⚠️ CISA alerts on exploited Microsoft Streaming bug. 3/1/2024, BleepingComputer, https://www.bleepingcomputer.com/news/security/cisa-warns-of-microsoft-streaming-bug-exploited-in-malware-attacks/

πŸ–₯️ New BIFROSE malware variant evades via VMware domain. 3/1/2024, The Hacker News, https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html

and finally in non-cybersecurity and technology news……

πŸ“Ί Neuromancer, a classic Sci-Fi, headed to Apple TV+. 2/29/2024, Bleeding Cool News, https://bleedingcool.com/tv/neuromancer-apple-tv-adapting-william-gibsons-classic-sci-fi-novel/

Stay informed and secure in the cybersecurity and technology world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.