IT Security Weekend Catch Up – April 2, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Medal count: OSINT analysis of real Russian losses for the first week of hostilities in Ukraine
  2. Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards
  3. EU Parliament passes privacy-busting crypto rules despite industry criticism
  4. Investigating influencer VPN ads on YouTube (PDF)
  5. Okta apologizes for waiting two months to notify customers of Lapsus$ breach
  6. Lapsus$ found a spreadsheet of accounts as they breached Okta, documents show
  7. UK police charge 2 teenagers in connection with Lapsus$ hacks
  8. Iberdrola suffers a hack that exposes the data of 1.3 million customers

For the more technical

  1. Behold, a password phishing site that can trick even savvy users
  2. Tracking cyber activity in Eastern Europe
  3. Spring4Shell: Zero-day vulnerability in Spring framework (CVE-2022-22965)
  4. Spring4Shell: Security analysis of the latest Java RCE ‘0-day’ vulnerabilities in Spring + more information
  5. Resolved RCE in Sophos Firewall (CVE-2022-1040)
  6. Vulnerabilities identified in Wyze Cam IoT device
  7. Spy in the GPU-box: Covert and side channel attacks on multi-GPU systems (PDF)
  8. The old switcheroo: Hiding code on Rockwell Automation PLCs
  9. BROKENWIRE: Wireless disruption of CCS electric vehicle charging (PDF)
  10. Arbitrary file read via the bulk imports UploadsPipeline
  11. A beautiful factory for malicious packages
  12. Microsoft is adding a new driver-blocklist feature to Windows Defender on Windows 10 and 11
  13. URL rendering trick enabled WhatsApp, Signal, iMessage phishing
  14. Honda bug lets a hacker unlock and start your car via replay attack
  15. An EFF investigation: Mystery GPS tracker on a supporter’s car
  16. An in-depth look at ICS vulnerabilities
  17. Triton malware remains threat to global critical infrastructure Industrial Control Systems (PDF)
  18. Russian-linked Android malware records audio, tracks your location
  19. Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum
  20. Mars Stealer: Oski refactoring
  21. Spoofed invoice used to drop IcedID
  22. Hive ransomware deploys novel IPfuscation technique to avoid detection
  23. First Python ransomware attack targeting Jupyter Notebooks
  24. KA-SAT Network cyber attack overview
  25. Chinese threat actor Scarab targeting Ukraine
  26. New milestones for Deep Panda: Log4Shell and digitally signed Fire Chili rootkits

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
