IT Security Weekend Catch Up – August 23, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Research casts doubt on value of threat Intel feeds
  2. ATM hackers have picked up some clever new tricks
  3. Tens of suspects arrested for cashing-out Santander ATMs using software glitch
  4. University of Utah pays $457,000 to ransomware gang
  5. World’s largest cruise line operator Carnival hit by ransomware
  6. Maze ransomware crew claims to have hacked SK hynix, leaks 5% of stolen files
  7. Business technology giant Konica Minolta hit by new ransomware
  8. REvil ransomware hits Jack Daniel’s manufacturer
  9. Tea at the Ritz soured by credit card scammers
  10. 235M Instagram, TikTok, and YouTube profiles exposed in database breach
  11. Anti-piracy outfit hires VPN expert to help track down The Pirate Bay
  12. Michigan college will digitally track students’ movements at all times
  13. Secret Service bought access to cellphone location data
  14. License plate tracking for police set to go nationwide
  15. United States Postal Service (USPS) files patent for a blockchain-based voting system
  16. Former chief security officer for Uber charged with obstruction of justice

For the more technical

    1. GlueBall: The story of CVE-2020–1464
    2. Security vulnerabilities of Apache Struts
    3. [VIDEO] sec4dev 2020 – Modern PHP Security
    4. On bugs and features in email end-to-end encryption (PDF)
    5. Sending SPF and DMARC passing mail as any Gmail or G Suite customer
    6. New vulnerability could put IoT devices at risk
    7. ICS vulnerability report identifies risks to OT networks
    8. FritzFrog: A new generation of peer-to-peer botnets
    9. Ransom demands return: New DDoS extortion threats from old actors targeting finance and retail
    10. WannaRen ransomware author contacts security firm to share decryption key
    11. The XCSSET malware: Inserts malicious code into Xcode projects, performs UXSS backdoor planting in Safari, and leverages two zero-day exploits (PDF)
    12. Multiple GoldenSpy uninstaller variants discovered
    13. IcedID campaign strikes back
    14. Team TNT – The first crypto-mining worm to steal AWS credentials
    15. WellMess malware: analysis of its Command and Control (C2) server
    16. New attack alert: Duri
    17. North Korean remote access trojan: Blindingcan
    18. Transparent Tribe: Evolution analysis
    19. Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
    20. Facebook: Classic vs new – which is better for OSINT?
    21. Lamphone: Real-time passive sound recovery from light bulb vibrations
    22. Listen to your key: Towards acoustics-based physical key inference (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *