IT Security Weekend Catch Up – April 25, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Prague airport reports failed cyberattacks
  2. Cyber criminals don’t ‘brake’ for pandemics
  3. About recent Uniswap and Lendf.Me reentrancy attacks
  4. IT services giant Cognizant suffers Maze Ransomware cyber attack
  5. Nintendo accounts are getting hacked and used to buy Fortnite currency
  6. Valve says it’s safe to play CS:GO and TF2 after source code leaked online
  7. Energy company in Poland exposed data of its customers
  8. Details of 20 million Aptoide app store users leaked on hacking forum
  9. Firefox’s Bug Bounty in 2019 and into the future
  10. COVID-19’s impact on Tor

For the more technical

  1. You’ve got (0-click) mail! Multiple vulnerabilities in MobileMail/Maild
  2. Apple says iOS Mail vulnerabilities do not pose immediate threat, patch coming
  3. New iOS exploit discovered being used to spy on China’s Uyghur minority
  4. New iPhone text-bomb bug: Just receiving this Sindhi character notification crashes iPhones
  5. CVE-2020-0022 an Android 8.0-9.0 Bluetooth zero-click RCE – BlueFrag
  6. Zoom Communications user enumeration
  7. You won’t believe what this one line change did to the Chrome sandbox
  8. Cleanly escaping the Chrome sandbox
  9. Multiple vulnerabilities in IBM Data Risk Manager
  10. The unpatchable silicon: A full break of the bitstream encryption ofXilinx 7-Series FPGAs (PDF)
  11. Serious flaws found in multiple smart home hubs: Is your device among them?
  12. Microsoft releases OOB security updates for Microsoft Office
  13. SMBGhost pre-auth RCE abusing Direct Memory Access structs
  14. Detect and prevent web shell malware (PDF)
  15. New stealth Magecart attack bypasses payment services ising iframes
  16. Trickbot to Ryuk in two hours
  17. BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware
  18. Exploiting (almost) every antivirus software
  19. COVID-19 has awakened Faketoken — the trojan is out to steal money again
  20. Oil & gas spearphishing campaigns drop Agent Tesla spyware in advance of historic OPEC+ deal
  21. Newly uncovered DNS tunnelling technique, and new campaign against South Korean gaming company
  22. Following ESET’s discovery, a Monero mining botnet is disrupted
  23. Evolution of Hoaxcalls
  24. Sawfish phishing campaign targets GitHub users
  25. The malvertiser that hacks revive ad servers, redirects victims to malware
  26. Mining for malicious Ruby gems
  27. Nazar: A lost amulet

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *