📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #39/2023 is out! It includes the following and much more:
➝ 🔓 #GitHub repos bombarded by info-stealing commits masked as #Dependabot
➝ 🇯🇵 💸 #Sony Investigating After Hackers Offer to Sell Stolen Data
➝ 🔓 #BORN Ontario child registry #databreach affects 3.4 million people
➝ 🇭🇰 🔓 Personal data of 25,000 Hongkongers at risk after #cyberattack against consumer watchdog, up from earlier estimate of 8,000
➝ 🇺🇸 🔓 National Student Clearinghouse data breach impacts 890 #schools
➝ 🇨🇦 ✈️ #AirCanada discloses data breach of employee and 'certain records'
➝ 🇰🇵 🇪🇸 North Korean hackers posed as #Meta recruiter on #LinkedIn
➝ 👥 ShadowSyndicate: A New #Cybercrime Group Linked to 7 #Ransomware Families
➝ 🇷🇺 ✈️ Russian flight booking system suffers ‘massive’ cyberattack
➝ 🇨🇳 🇺🇸 Chinese hackers stole emails from US State Dept in #Microsoft breach, Senate staffer says
➝ 🇨🇳 Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
➝ 🇺🇦 🚀 Ukrainian Military Targeted in Phishing Campaign Leveraging #Drone Manuals
➝ 🥷🏻 💰 Hackers steal $200M from #crypto company #Mixin
➝ 🇳🇬 ⚖️ Nigerian man pleads guilty to attempted $6 million BEC email heist
➝ 🇺🇸 ⚖️ ShinyHunters member pleads guilty to $6 million in data theft damages
➝ 🇨🇳 #China-Linked Budworm Targeting Middle Eastern #Telco and Asian Government Agencies
➝ 🇨🇳 🚪 Backdoored firmware lets China state hackers control #routers with “magic packets”
➝ 🇺🇸 👮🏻♂️Security researcher warns of chilling effect after feds search phone at #airport
➝ 🦠 ❗️FBI Warns Organizations of Dual Ransomware, Wiper Attacks
➝ 🤖 🦠 #Bing Chat responses infiltrated by ads pushing #malware
➝ 🏥 🎣 Red Cross-Themed #Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
➝ 🥷🏻 🐍 #SSH keys stolen by stream of malicious #PyPI and #npm packages
➝ 🏦 🎠 New Variant of #Banking #Trojan BBTok Targets Over 40 Latin American Banks
➝ 🦠 🚪 #Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
➝ 🚀 #Sysdig Launches Realtime Attack Graph for Cloud Environments
➝ 🐛 📨 Critical vulnerabilities in #Exim threaten over 250k #email servers worldwide
➝ 🔓 Progress warns of maximum severity WS_FTP Server vulnerability
➝ 🩹 🔥 #Google fixes fifth actively exploited Chrome zero-day of 2023
➝ 🩹 🍏 #macOS 14 #Sonoma Patches 60 #Vulnerabilities
➝ 🩹 🦊 #Firefox 118 Patches High-Severity Vulnerabilities
➝ 🤫 ✅ Google quietly corrects previously submitted disclosure for critical #webp 0-day
➝ 👀 🇪🇬 0-days exploited by commercial surveillance vendor in #Egypt
📚 This week's recommended reading is: "Philosophy of Cybersecurity" by @LukaszOlejnik and Artur Kurasinski
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-392023