IT Security Weekend Catch Up – August 20, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. T-Mobile confirms hack that may have compromised 100 million users
  2. T‑Mobile shares additional information regarding ongoing cyberattack investigation
  3. Ford bug exposed customer and employee records from internal systems
  4. Colonial Pipeline reports data breach after May ransomware attack
  5. America’s secret terrorist watchlist exposed on the web without a password
  6. The Taliban have seized U.S. military biometrics devices
  7. Emails from Lithuanian Ministry of Foreign Affairs for sale on data-trading forum
  8. German parliament pens letter to Tim Cook with concerns over CSAM detection system
  9. New York man sentenced to 3 years for stealing students’ nude photos after hacking their accounts
  10. Messenger updates end-to-end encrypted chats with new features
  11. New Russian ad stars Bruce Willis… without Bruce Willis
  12. This $500 million Russian cyber mogul planned to take his company public—then America accused it of Hacking for Putin’s spies

For the more technical

  1. Why TLS is better without STARTTLS. A security analysis of STARTTLS in the email context
  2. New unofficial Windows patch fixes more PetitPotam attack vectors
  3. CVE-2021-21166: Chrome object lifecycle issue in audio
  4. [VIDEO] DEF CON 29 main stage presentations
  5. How to contact Google SRE: Dropping a shell in cloud SQL
  6. Multiple issues in Realtek SDK affects hundreds of thousands of devices down the supply chain
  7. Fortinet FortiWeb OS command injection
  8. Critical vulnerability affecting millions of IoT devices
  9. CVE-2021-1905: Qualcomm Adreno GPU memory mapping use-after-free
  10. Modify in-flight data to payment provider Smart2Pay
  11. Weaponizing middleboxes for TCP reflected amplification (PDF)
  12. Windows Hello bypassed using infrared image
  13. Microsoft Exchange servers are getting hacked via ProxyShell exploits
  14. Linux glibc security fix created a nastier Linux bug
  15. Crack Me If You Can 2021. Team write-up (PDF)
  16. HTTP/2: The sequel is always worse
  17. SynAck ransomware gang releases decryption keys for old victims
  18. DeepBlueMagic – new ransomware, new method
  19. RansomClave: Ransomware key management using SGX (PDF)
  20. Analysis of Diavol ransomware reveals possible link to TrickBot gang
  21. Malware dev infects own PC and data ends up on intel platform
  22. How to proactively defend against Mozi IoT botnet
  23. Malware campaign uses clever ‘captcha’ to bypass browser warning
  24. Operation Secondary Infektion continues targeting democratic institutions and regional geopolitics (PDF)
  25. Indra – hackers behind recent attacks on Iran
  26. Hackers breached US Census Bureau in January 2020 via Citrix vulnerability
  27. Uncovering Tetris – a full surveillance kit running in your browser
  28. North Korean APT InkySquid infects victims using browser exploits
  29. Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack
  30. Apple Watch forensics: The adapters

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *