IT Security Weekend Catch Up – April 10, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Polish e-Dowód management tool violates OpenSC LGPL license
  2. Cloudflare: Moving from reCAPTCHA to hCaptcha
  3. NSO Group: Facebook tried to license our spyware to snoop on its own addicts – the same spyware it’s suing us over
  4. Thousands of Zoom video calls left exposed on open Web
  5. Email provider got hacked, data of 600,000 users now sold on the dark web
  6. Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay
  7. Hacker exploits flaw in decentralized bitcoin exchange Bisq to steal $250K
  8. Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others
  9. We hacked a Ford Focus and a Volkswagen Polo

For the more technical

  1. [VIDEO] VirSecCon2020 – conference materials (≈7h)
  2. Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
  3. Hover_with_Power: Steps to reproduce the exploit
  4. A secret note to Bug hunters about URL structure and its parsers
  5. Several critical vulnerabilities on most HP machines running Windows
  6. Learn XPC exploitation – Part 1: Broken cryptography
  7. Android Security Bulletin—April 2020
  8. Breaking LastPass: Instant unlock of the password vault
  9. How we abused Slack’s TURN servers to gain access to internal services
  10. Can G Suite admin read my email?
  11. How to protect Serverless (Open)API’s?
  12. New dark_nexus IoT botnet puts others to shame
  13. DarkHotel hackers use VPN zero-day to breach Chinese government agencies
  14. Decade of the RATs: Novel APT attacks targeting Linux, Windows and Android
  15. Zero-day exploitation increasingly demonstrates access to money, rather than skill — intelligence for vulnerability management
  16. ITG08 (aka FIN6) partners with TrickBot gang, uses Anchor framework
  17. Kinsing malware attacks targeting container environments
  18. Unkillable xHelper and a Trojan matryoshka
  19. Automatic uncovering of hidden behaviors from input validation in mobile apps (PDF)
  20. iOS exploit chain deploys LightSpy feature-rich malware
  21. Don’t let fleeceware sneak into your iPhone
  22. Microsoft shares new threat intelligence, security guidance during global crisis
  23. Spam and phishing in 2019
  24. Clever cryptography could protect privacy in Covid-19 contact-tracing apps
  25. Fingerprint cloning: Myth or reality?
  26. Microsoft buys Corp.com so bad guys can’t
  27. Justdelete.me – a directory of direct links to delete your account from web services

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *