Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 29 March 2024

Jorge Laurel Β· Β·3 min read Β·Issue #13

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


πŸ”‘ New MFA-Bypassing Phishing Kit Targets Microsoft 365, Gmail - Cybercriminals exploit ‘Tycoon 2FA’ to bypass 2FA on major email platforms. (3/25/2024, BleepingComputer) Read more

🍏 iOS 17.4.1 and macOS 14.4.1 Update for Security Fixes - Apple rolls out crucial security updates without much detail. (3/25/2024, 9to5 Mac) Read more

πŸ™ GitHub Accounts Hijacked in Supply Chain Attack - Attackers target developers and organizations including Top.gg. (3/25/2024, The Hacker News) Read more

🎯 Over 100 Organizations Hit by β€˜StrelaStealer’ Attacks - Infostealer campaigns target US and EU organizations. (3/25/2024, SecurityWeek) Read more

πŸ€– Discord Bot Platform Source Code Poisoned in Attack - Top.gg Discord community suffers from supply-chain attack. (3/25/2024, BleepingComputer) Read more

🚨 Hackers’ Evolving Ethical Landscape - New-age hackers abandon old codes of conduct. (3/26/2024, Dark Reading) Read more

πŸ“¦ Malicious NuGet Package Targets Developers - Likely aimed at those working with industrial and digital manufacturing tools. (3/26/2024, The Hacker News) Read more

πŸ“‘ TheMoon Malware Hits 6,000 ASUS Routers - Infections spread in 72 hours, affecting devices across 88 countries. (3/26/2024, BleepingComputer) Read more

πŸ“ Raspberry Pi Turned Fraud Tool with $700 Software - ‘GEOBOX’ software enables novices to launch anonymous cyberattacks. (3/26/2024, BleepingComputer) Read more

πŸ€– 40,000 Device Botnet Discovered - Researchers uncover massive botnet composed of EOL routers and IoT devices. (3/26/2024, SecurityWeek) Read more

πŸ’‘ AI Talent Shortage Means $1M Job Offers - Despite tech layoffs, AI sector’s talent war escalates. (3/27/2024, QZ) Read more

πŸ›‘οΈ DHS Proposes New Cybersecurity Rules - CISA to administer cyber incident, ransomware payment reporting. (3/27/2024, Dark Reading) Read more

πŸ€– Hundreds of Clusters Hacked via Ray AI Vulnerability - Information theft and cryptominer deployment reported. (3/27/2024, SecurityWeek) Read more

πŸ•·οΈ Patched Edge Bug Allowed Stealth Extension Installs - Could have enabled attackers to install malicious extensions silently. (3/27/2024, The Hacker News) Read more

πŸ”’ Linux DinodasRAT Targets Four Countries: Detected targeting China, Taiwan, Turkey, Uzbekistan. (3/28/2024, The Hacker News) Read more

πŸ’° $10M Bounty for BlackCat Gang Info: US seeks information on ransomware group hitting critical infrastructure. (3/28/2024, Dark Reading) Read more

πŸ›‘οΈ Cisco Fixes DoS Flaws: Patches released for vulnerabilities in IOS and IOS XE software. (3/28/2024, SecurityWeek) Read more

πŸ“± MFA Bombing Hits iPhone Users: Attacks involve password reset prompts and vishing calls. (3/28/2024, Dark Reading) Read more

🐍 PyPI Halts New User Sign-Ups: Temporary measure to block ongoing malware campaign. (3/28/2024, BleepingComputer) Read more

πŸ€– Biden Mandates Chief AI Officers: Every US agency required to appoint an AI expert. (3/28/2024, Ars Technica) Read more

🌍 AI Boosts Environmental Monitoring - Revolutionizing our planet’s health management. Tech Bullion, 3/29/2024

πŸ›‘ Pentagon’s New Cybersecurity Strategy - Aiming at four key goals for defense. SecurityWeek, 3/29/2024

🐧 Linux Bug Exposes Passwords - Could allow password leaks and clipboard hijacking. The Hacker News, 3/29/2024

πŸ”‘ Hotel Lock Vulnerability Uncovered - Millions of rooms at risk due to Dormakaba lock flaws. The Hacker News, 3/29/2024

and finally in non-cyber or tech news…

πŸš“ California Police to Stop Using Lego Heads for Suspects - Lego asked a California police department to halt an unusual face-obscuring practice. (3/26/2024, Gizmodo) Read more


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.