IT Security Weekend Catch Up – July 24, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet
2. New ‘Meow’ attack has wiped over 1,800 unsecured databases
3. CouchSurfing investigates data breach after 17m user records appear on hacking forum
4. Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers
5. Ransomware gang demands $7.5 million from Argentinian ISP
6. Blackbaud Hack: Universities lose data to ransomware attack
7. Twitter hackers could have stolen a whole lot more Bitcoin
8. ‘We’re embarrassed’: This is what Twitter sent to accounts that were hacked
9. After Twitter hack, Senator asks why DMs aren’t encrypted
10. World’s most wanted man Jan Marsalek located in Belarus; data points to Russian Intel links
11. World’s most wanted man involved in bizarre attempt to buy hacking tools
12. Two Chinese hackers working with the Ministry of State Security charged with global computer intrusion campaign
13. The FBI is secretly using a $2 billion travel company as a global surveillance tool
14. The Microsoft police state: Mass surveillance, facial recognition, and the Azure cloud
15. Apple being sued for refusing to help iTunes gift card scam victims
16. Police in Germany have too much access to personal online data, top court says
17. Anti-piracy groups mull “Know Your Customer” proposal to tackle pirate sites
18. GitHub Archive Program: the journey of the world’s open source code to the Arctic

For the more technical

1. Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude
2. Attacks bypassing the signature validation in PDF (PDF)
3. MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
4. Remote code execution against SharePoint Server abusing DataSet
5. Arbitrary file delete via wsreset.exe // Bypass adaware antivirus
6. Cisco patches actively exploited ASA/FTD firewall vulnerability
7. Crooks have acquired proprietary Diebold software to “jackpot” ATMs
8. Here’s why your Samsung Blu-ray player bricked itself: It downloaded an XML config file that broke the firmware
9. D-Link blunder: Firmware encryption key exposed in unencrypted image
10. Vulnerable cellular routers targeted in latest attacks on Israel water facilities
11. The rise of OpenBullet: A deep dive in the attacker’s ATO toolkit
12. MATA: Multi-platform targeted malware framework
13. Updates on ThiefQuest, the quickly-evolving macOS malware
14. Emotet botnet is now heavily spreading QakBot malware
15. Prometei botnet and its quest for Monero
16. Chinese APT group targets India and Hong Kong using new variant of MgBot malware
17. How scammers are hiding their phishing trips in public clouds
18. Here we go again: with instability in English language Darknet Markets, is Hydra about to take over?
19. Russian cyberattacks an ‘urgent threat’ to national security (PDF)
20. Bitwarden: Security audit complete

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.