IT Security Weekend Catch Up – January 11, 2025

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. EFCSN disappointed by end to Meta’s Third Party Fact-Checking Program in the US; Condemns statements linking fact-checking to censorship
  2. Britain to make sexually explicit ‘deepfakes’ a crime
  3. Is 10,000 steps a day worth your personal data? How 80% of fitness apps are selling your privacy
  4. UN aviation agency ICAO confirms its recruitment database was hacked
  5. A day in the life of a prolific voice phishing crew
  6. Russian nationals arrested by US, accused of running crypto mixers Blender and Sinbad
  7. Inside Russian spy’s Norfolk guesthouse

For the more technical

  1. [VIDEO] How Russian cyber-spies attack Ukraine
  2. Ivanti Connect Secure VPN targeted in new zero-day exploitation
  3. SonicWall urges admins to patch exploitable SSLVPN bug immediately
  4. Genetic engineering meets reverse engineering: DNA sequencer’s vulnerable BIOS
  5. Vulnerable Moxa devices expose industrial networks to attacks
  6. ThievingFox – remotely retrieving credentials from password managers and Windows utilities
  7. Backdooring your backdoors – another $20 domain, more governments
  8. Malicious npm campaign targets Ethereum developers with fake Hardhat packages
  9. Critical vulnerabilities found in Fancy Product Designer plugin
  10. Intelligence Insights: December 2024
  11. Recent cases of watering hole attacks, part 2
  12. Inside FireScam : An information stealer with spyware capabilities
  13. Banshee: The stealer that “stole code” from MacOS XProtect
  14. Information stealer masquerades as LDAPNightmare (CVE-2024-49113) PoC exploit
  15. CryptBot: Hunting for initial access vector
  16. PeakLight: Illuminating the shadows
  17. FunkSec – alleged top ransomware group powered by AI
  18. Transaction simulation spoofing: A new threat in Web3
  19. Chinese state-sponsored RedDelta targeted Taiwan, Mongolia, and Southeast Asia with adapted PlugX infection chain
  20. Blurring the lines: How nation-states and organized cybercriminals are becoming alike

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *