IT Security Weekend Catch Up – April 30, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Tweets on AstraZeneca have disinformation, Hyderabad-based portal among sources, claim researchers
  2. High-level organizer of notorious hacking group FIN7 sentenced to ten years in prison for scheme that compromised tens of millions of debit and credit cards
  3. Turkey launches international hunt for cryptocurrency boss
  4. Facebook and Gucci file joint lawsuit against persistent counterfeiter
  5. DigitalOcean says customer billing data accessed in data breach
  6. Fourth time’s a charm – OGUsers hacking forum hacked again
  7. Radixx announces security incident impacting Radixx Res
  8. FBI paid anti-child predator charity $250,000 for hacking tools
  9. Mass extraction: The widespread power of U.S. law enforcement to search mobile phones
  10. Can you fight BEC popularity in Nigeria by steering youth to legitimate IT jobs?
  11. I made millions selling drugs online, then it all came crashing down

For the more technical

  1. Cyber espionage group UNC1151 likely conducts ghostwriter influence activity (PDF)
  2. SonicWall Email Security zero-day vulnerabilities
  3. Suspected APT actors leverage authentication bypass techniques and Pulse Secure zero-day
  4. CISA identifies Supernova malware during incident response
  5. Apple AirDrop shares more than files
  6. Researchers say ‘massive’ macOS bug was exploited by hackers
  7. Shlayer malware abusing Gatekeeper bypass on macOS
  8. XCSSET quickly adapts to macOS 11 and M1-based Macs
  9. Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective
  10. Security assessment of Accellion’s File Transfer Appliance (PDF)
  11. Positive Technologies’ key research activities in 2019–2021
  12. Remote code execution vulnerabilities in Cosori smart air fryer
  13. New vulnerabilities discovered allow access to user data and complete takeover
  14. Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
  15. A ransomware gang made $260,000 in 5 days using the 7zip utility
  16. New Clubhouse security vulnerabilities could happen to any growing unicorn
  17. Duo two-factor authentication bypass
  18. Hacking 3,000,000 apps at once through CocoaPods
  19. PHP supply chain attack on Composer
  20. Remote code execution in Homebrew by compromising the official Cask repository
  21. Logins for 1.3 million Windows RDP servers collected from hacker market
  22. Hello ransomware uses updated China Chopper web shell, SharePoint vulnerability
  23. Breaking ABUS Secvest internet-connected alarm systems (CVE-2020-28973)
  24. “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
  25. What can you find in 57K AWS S3 buckets? 2021 update
  26. Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
  27. Ransomware gang tries to extort Apple hours ahead of Spring Loaded event
  28. Hundreds of networks reportedly hacked in Codecov supply-chain attack
  29. HashiCorp is the latest victim of Codecov supply-chain attack
  30. Nearly half of malware now use TLS to conceal communications
  31. EtterSilent: the underground’s new favorite maldoc builder
  32. Spotting malicious Excel4 macros
  33. Ransomware by the numbers: Reassessing the threat’s global impact
  34. Babuk ransomware readies ‘shut down’ post, plans to open source malware
  35. UNC2447 SOMBRAT and FIVEHANDS ransomware: A sophisticated financial threat
  36. [VIDEO] Hunting Cobalt Strike using Sysmon and Sentinel
  37. Prometei botnet exploiting Microsoft Exchange vulnerabilities
  38. Lazarus group recruitment: Threat hunters vs head hunters
  39. (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
  40. Lazarus APT conceals malicious code within BMP image to drop its RAT
  41. RotaJakiro: A long live secret backdoor with 0 VT detection
  42. SolarWinds: Illuminating the hidden patterns that advance the story
  43. uBlock Origin works best on Firefox
  44. Edge cases in app & backend development: Dates & time
  45. Linux kernel team rejects University of Minnesota researchers’ apology
  46. Data from the Emotet malware is now searchable in Have I Been Pwned, courtesy of the FBI and NHTCU
  47. GitHub disables Google FLoC user tracking on its website

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
