Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Research casts doubt on value of threat intel feeds
- ATM hackers have picked up some clever new tricks
- Tens of suspects arrested for cashing-out Santander ATMs using software glitch
- University of Utah pays $457,000 to ransomware gang
- World’s largest cruise line operator Carnival hit by ransomware
- Maze ransomware crew claims to have hacked SK hynix, leaks 5% of stolen files
- Business technology giant Konica Minolta hit by new ransomware
- REvil ransomware hits Jack Daniel’s manufacturer
- Tea at the Ritz soured by credit card scammers
- 235M Instagram, TikTok, and YouTube profiles exposed in database breach
- Anti-piracy outfit hires VPN expert to help track down The Pirate Bay
- Michigan college will digitally track students’ movements at all times
- Secret Service bought access to cellphone location data
- License plate tracking for police set to go nationwide
- United States Postal Service (USPS) files patent for a blockchain-based voting system
- Former chief security officer for Uber charged with obstruction of justice
For the more technical
- GlueBall: The story of CVE-2020-1464
- Security vulnerabilities of Apache Struts
- [VIDEO] sec4dev 2020 – Modern PHP Security
- On bugs and features in email end-to-end encryption (PDF)
- Sending SPF and DMARC passing mail as any Gmail or G Suite customer
- New vulnerability could put IoT devices at risk
- ICS vulnerability report identifies risks to OT networks
- FritzFrog: A new generation of peer-to-peer botnets
- Ransom demands return: New DDoS extortion threats from old actors targeting finance and retail
- WannaRen ransomware author contacts security firm to share decryption key
- The XCSSET malware: Inserts malicious code into Xcode projects, performs UXSS backdoor planting in Safari, and leverages two zero-day exploits (PDF)
- Multiple GoldenSpy uninstaller variants discovered
- IcedID campaign strikes back
- Team TNT – The first crypto-mining worm to steal AWS credentials
- WellMess malware: analysis of its Command and Control (C2) server
- New attack alert: Duri
- North Korean remote access trojan: Blindingcan
- Transparent Tribe: Evolution analysis
- Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
- Facebook: Classic vs new – which is better for OSINT?
- Lamphone: Real-time passive sound recovery from light bulb vibrations
- Listen to your key: Towards acoustics-based physical key inference (PDF)