IT Security Weekend Catch Up – July 24, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet
  2. New ‘Meow’ attack has wiped over 1,800 unsecured databases
  3. CouchSurfing investigates data breach after 17m user records appear on hacking forum
  4. Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers
  5. Ransomware gang demands $7.5 million from Argentinian ISP
  6. Blackbaud Hack: Universities lose data to ransomware attack
  7. Twitter hackers could have stolen a whole lot more Bitcoin
  8. ‘We’re embarrassed’: This is what Twitter sent to accounts that were hacked
  9. After Twitter hack, Senator asks why DMs aren’t encrypted
  10. World’s most wanted man Jan Marsalek located in Belarus; data points to Russian Intel links
  11. World’s most wanted man involved in bizarre attempt to buy hacking tools
  12. Two Chinese hackers working with the Ministry of State Security charged with global computer intrusion campaign
  13. The FBI is secretly using a $2 billion travel company as a global surveillance tool
  14. The Microsoft police state: Mass surveillance, facial recognition, and the Azure cloud
  15. Apple being sued for refusing to help iTunes gift card scam victims
  16. Police in Germany have too much access to personal online data, top court says
  17. Anti-piracy groups mull “Know Your Customer” proposal to tackle pirate sites
  18. GitHub Archive Program: the journey of the world’s open source code to the Arctic

For the more technical

  1. Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude
  2. Attacks bypassing the signature validation in PDF (PDF)
  3. MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
  4. Remote code execution against SharePoint Server abusing DataSet
  5. Arbitrary file delete via wsreset.exe // Bypass adaware antivirus
  6. Cisco patches actively exploited ASA/FTD firewall vulnerability
  7. Crooks have acquired proprietary Diebold software to “jackpot” ATMs
  8. Here’s why your Samsung Blu-ray player bricked itself: It downloaded an XML config file that broke the firmware
  9. D-Link blunder: Firmware encryption key exposed in unencrypted image
  10. Vulnerable cellular routers targeted in latest attacks on Israel water facilities
  11. The rise of OpenBullet: A deep dive in the attacker’s ATO toolkit
  12. MATA: Multi-platform targeted malware framework
  13. Updates on ThiefQuest, the quickly-evolving macOS malware
  14. Emotet botnet is now heavily spreading QakBot malware
  15. Prometei botnet and its quest for Monero
  16. Chinese APT group targets India and Hong Kong using new variant of MgBot malware
  17. How scammers are hiding their phishing trips in public clouds
  18. Here we go again: with instability in English language Darknet Markets, is Hydra about to take over?
  19. Russian cyberattacks an ‘urgent threat’ to national security (PDF)
  20. Bitwarden: Security audit complete

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *