IT Security Weekend Catch Up – August 23, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. Research casts doubt on value of threat Intel feeds
2. ATM hackers have picked up some clever new tricks
3. Tens of suspects arrested for cashing-out Santander ATMs using software glitch
4. University of Utah pays $457,000 to ransomware gang
5. World’s largest cruise line operator Carnival hit by ransomware
6. Maze ransomware crew claims to have hacked SK hynix, leaks 5% of stolen files
7. Business technology giant Konica Minolta hit by new ransomware
8. REvil ransomware hits Jack Daniel’s manufacturer
9. Tea at the Ritz soured by credit card scammers
10. 235M Instagram, TikTok, and YouTube profiles exposed in database breach
11. Anti-piracy outfit hires VPN expert to help track down The Pirate Bay
12. Michigan college will digitally track students’ movements at all times
13. Secret Service bought access to cellphone location data
14. License plate tracking for police set to go nationwide
15. United States Postal Service (USPS) files patent for a blockchain-based voting system
16. Former chief security officer for Uber charged with obstruction of justice

For the more technical

1. 1. GlueBall: The story of CVE-2020–1464
   2. Security vulnerabilities of Apache Struts
   3. [VIDEO] sec4dev 2020 – Modern PHP Security
   4. On bugs and features in email end-to-end encryption (PDF)
   5. Sending SPF and DMARC passing mail as any Gmail or G Suite customer
   6. New vulnerability could put IoT devices at risk
   7. ICS vulnerability report identifies risks to OT networks
   8. FritzFrog: A new generation of peer-to-peer botnets
   9. Ransom demands return: New DDoS extortion threats from old actors targeting finance and retail
   10. WannaRen ransomware author contacts security firm to share decryption key
   11. The XCSSET malware: Inserts malicious code into Xcode projects, performs UXSS backdoor planting in Safari, and leverages two zero-day exploits (PDF)
   12. Multiple GoldenSpy uninstaller variants discovered
   13. IcedID campaign strikes back
   14. Team TNT – The first crypto-mining worm to steal AWS credentials
   15. WellMess malware: analysis of its Command and Control (C2) server
   16. New attack alert: Duri
   17. North Korean remote access trojan: Blindingcan
   18. Transparent Tribe: Evolution analysis
   19. Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
   20. Facebook: Classic vs new – which is better for OSINT?
   21. Lamphone: Real-time passive sound recovery from light bulb vibrations
   22. Listen to your key: Towards acoustics-based physical key inference (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.