IT Security Weekend Catch Up – April 5, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. ‘Zoombombing’: When video conferences go wrong
  2. ‘War Dialing’ tool exposes Zoom’s password problems
  3. Zoom iOS app sends data to Facebook even if you don’t have a Facebook account
  4. Personal details for the entire country of Georgia published online
  5. Hacker selling data of 538 million Weibo users
  6. Marriott discloses new data breach impacting 5.2 million hotel guests
  7. Medical and military contractor Kimchuk hit by data-stealing ransomware
  8. Paris hospitals target of failed cyber-attack, authority says
  9. Phish of GoDaddy employee jeopardized, among others
  10. A new breed of drug dealer has turned buying drugs into a treasure hunt
  11. Rare cybercrime enforcement in Russia yields 25 arrests, shutters ‘BuyBest’ marketplace
  12. Ungodly espionage: Russian hackers targeted Orthodox clergy
  13. Saudis suspected of phone spying campaign in US
  14. An elite spy group used 5 zero-days to hack North Koreans
  15. Identifying vulnerabilities and protecting you from phishing

For the more technical

  1. Zero-day vulnerabilities in Adobe Type Manager Library affect multiple Windows OSs
  2. Micropatching unknown 0days in Windows Type 1 Font Parsing
  3. CVE-2019-1433: Going from ‘in the wild report’ to PoC
  4. CVE-2020-0729: Remote Code Execution through .LNK files
  5. Linux kernel bug – all kernels insufficiently restrict exit signals
  6. VPN bypass vulnerability in Apple iOS
  7. A vulnerability in Safari that allowed unauthorized websites to access your camera on iOS and macOS
  8. Slack, Zoom, Google Hangouts: Are your remote work apps spying on you?
  9. Zoom meetings aren’t end-to-end encrypted, despite misleading marketing
  10. A quick look at the confidentiality of Zoom meetings
  11. Analyzing WhatsApp calls with Wireshark, radare2 and Frida
  12. Imperva WAF bypass
  13. CVE-2020-0796 – Windows SMBv3 LPE exploit
  14. Attacking helpdesks part 1: RCE chain on DeskPro, with Bitdefender as a case study
  15. Applying a Stuxnet type attack to a Modicon PLC
  16. Monitoring ICS cyber operation tools and software exploit modules to anticipate future threats
  17. With IoT, common devices pose new threats
  18. Rare BadUSB attack detected in the wild against US hospitality provider
  19. Would you exchange your security for a gift card?
  20. Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
  21. TrickBot pushing a 2FA bypass app to bank customers in Germany
  22. iOS exploit chain deploys LightSpy feature-rich malware
  23. APT41 initiates global intrusion campaign using multiple exploits
  24. WildPressure targets industrial-related entities in the Middle East
  25. Loncom packer: from backdoors to Cobalt Strike
  26. On the Royal Road
  27. Zeus Sphinx trojan awakens amidst coronavirus spam frenzy
  28. Kwampirs malware employed in ongoing cyber supply chain campaign targeting global industries (PDF)
  29. The Vollgar campaign: MS-SQL servers under attack
  30. Full Operational Shutdown – another cybercrime case from the Microsoft Detection and Response Team
  31. Analysis of an attempted attack against Intel 471
  32. SilverTerrier: 2019 Nigerian Business Email Compromise update
  33. Holy water: ongoing targeted water-holing attack in Asia
  34. How we recovered over $300K of Bitcoin
  35. Be careful what you OSINT with
  36. Experimental security assessment on Lexus cars

