Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 5 April 2024

Jorge Laurel Β· Β·4 min read Β·Issue #14

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


πŸ›’ Shopping Platform PandaBuy Data Leak Impacts 1.3 Million Users - Over 1.3 million PandaBuy users’ data leaked. (4/1/2024, BleepingComputer) Read more

πŸ“± AT&T Confirms 73M Customers Affected in Data Leak - AT&T admits data on 73M customers leaked on Dark Web. (4/1/2024, Dark Reading) Read more

πŸ”“ Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals - Malicious Android apps turn phones into proxies. (4/1/2024, The Hacker News) Read more

πŸ“§ Google Now Blocks Spoofed Emails for Better Phishing Protection - Google enhances email protections against phishing. (4/1/2024, BleepingComputer) Read more

πŸ” Detecting Windows-Based Malware Through Better Visibility - New techniques for detecting Windows malware highlighted. (4/1/2024, The Hacker News) Read more

πŸ” Google to Purge Billions of Browsing Data Records After Lawsuit - Google settles lawsuit by deleting tracking data. (4/2/2024,The Hacker News) Read more

πŸ›‘οΈ Security Flaw in WP-Members Plugin Leads to Script Injection - Vulnerability in WP-Members plugin allows script injection. (4/2/2024, SecurityWeek) Read more

πŸ’Ό Attackers Use Google Ad Feature to Target Slack, Notion Users - Malware distributed via fake installers for workplace apps. (4/2/2024, Dark Reading) Read more

πŸ–₯️ New XZ Backdoor Scanner Detects Implant in Any Linux Binary - Binarly releases scanner for XZ Utils supply chain attack. (4/2/2024, BleepingComputer) Read more

🏨 Hotel Self Check-In Kiosks Exposed Room Access Codes - Vulnerability in Ibis Budget hotel kiosks exposes room codes. (4/2/2024, SecurityWeek) Read more

Lets take a quick break from cyber and tech news…

🌍 New Catan game challenges players with environmental issues. (4/2/2024, Ars Technica) Read more

πŸŽ₯ “A New Matrix Movie Is in the Works” - A fifth Matrix film is confirmed with Lana Wachowski to executive produce. (4/3/2024, Gizmodo) Read more…

…and now back to cyber and tech news…

πŸ”’ Google patches Pixel exploits - Forensic firms had a field day until Google intervened on 4/3/2024. Read more from BleepingComputer

🚨 SurveyLama breach impacts millions - Over 4.4 million users’ data at risk, reported by HIBP on 4/3/2024. Details on IoT and Edge

πŸ’» U.S. slams Microsoft for breach - A preventable intrusion by Storm-0558 critiqued on 4/3/2024. The Hacker News explains

πŸ›‘οΈ Microsoft told to boost cloud security - Federal demand post-China’s Storm-0558 hack as of 4/3/2024. Read on Dark Reading

πŸ” SEXi ransomware hits hosting firm - IxMetro Powerhost attacked, encrypting vital servers on 4/3/2024. BleepingComputer reports

πŸ›‘οΈ Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz - Ivanti’s CEO promises a security overhaul. (4/4/2024, SecurityWeek) Read more

🎣 New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware - Updated Rhadamanthys malware targets oil and gas sector. (4/4/2024, The Hacker News) Read more

πŸ•·οΈ New Latrodectus Malware Replaces IcedID in Network Breaches - Latrodectus, an evolved IcedID loader, hits the cyber scene. (4/4/2024, BleepingComputer) Read more

πŸ”’ Microsoft Fixes Outlook Security Alerts Bug Caused by December Updates - Microsoft resolves Outlook’s false security alerts issue. (4/4/2024, BleepingComputer) Read more

πŸ€– AI’s Dual Role in SMB Brand Spoofing - AI fights on both sides of SMB brand spoofing. (4/4/2024, Dark Reading) Read more

🍏 Apple TV, App Store, Podcasts, and More Go Down in a Rough Day for the Internet - Major Apple services experience outage. (4/5/2024, IGN) Read more

πŸ“˜ Publisher: OpenAI’s GPT Store Bots Are Illegally Scraping Our Textbooks - OpenAI addresses GPT Store’s copyright complaints. (4/5/2024, Ars Technica) Read more

πŸ”“ Fake Facebook MidJourney AI Page Promoted Malware to 1.2 Million People - Facebook ads hijacked to spread malware via fake AI services. (4/5/2024, BleepingComputer) Read more

πŸ’³ Magecart Attackers Pioneer Persistent E-Commerce Backdoor - Magecart targets Magento for data theft via a novel backdoor. (4/5/2024, Dark Reading) Read more

πŸ›‘οΈ Cisco Warns of Vulnerability in Discontinued Small Business Routers - No patch for vulnerability in end-of-life Cisco routers. (4/5/2024, SecurityWeek) Read more

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!


Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.