IT Security Weekend Catch Up – August 4, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Chrome removing third-party cookies or not?
  2. X begins training Grok AI with your posts, here’s how to disable
  3. Pro-Ukrainian hackers claim attack on Russian cyber company
  4. NCA shuts down major fraud platform responsible for 1.8 million scam calls
  5. Leader of tech support fraud scheme sentenced to seven years in prison
  6. U.S. trades cybercriminals to Russia in prisoner swap

For the more technical

  1. CrowdStrike’s final post-incident report
  2. WhatsApp for Windows lets Python, PHP scripts execute with no warning
  3. Wrong Check Point (CVE-2024-24919)
  4. The tragedy of low-level exploitation
  5. Improving the security of Chrome cookies on Windows
  6. SLUBStick: Arbitrary memory writes through practical software cross-cache attacks within the Linux kernel (PDF)
  7. PKfail. Supply-chain failures in Secure Boot key management (PDF)
  8. Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
  9. “EchoSpoofing” — A massive phishing campaign exploiting Proofpoint’s email protection to dispatch millions of perfectly spoofed emails
  10. Phishing targeting Polish SMBs continues via ModiLoader
  11. Social media malvertising campaign promotes fake AI editor website for credential theft
  12. Threat actor impersonates Google via fake ad for Authenticator
  13. Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
  14. BingoMod: The new android RAT that steals money and wipes data
  15. Unmasking the SMS stealer: Targeting several countries with deceptive apps
  16. StackExchange abused to spread malicious Python package that drains victims’ crypto wallets
  17. Introducing Gh0stGambit: A dropper for deploying Gh0st RAT
  18. Unveiling the latest banking trojan threats in LATAM
  19. Threat actor abuses Cloudflare Tunnels to deliver RATs
  20. Surge in Magniber ransomware attacks impact home users worldwide
  21. IR Trends: Ransomware on the rise, while technology becomes most targeted sector
  22. ThreatLabz 2024 Ransomware Report (PDF)
  23. Ducks Now Sitting (DNS): Internet infrastructure insecurity
  24. Who knew? Domain hijacking is so easy
  25. UNC4393 goes gently into the SILENTNIGHT
  26. APT45: North Korea’s digital military machine
  27. APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
  28. SideWinder utilizes new infrastructure to target ports and maritime facilities in the Mediterranean Sea
  29. StormBamboo compromises ISP to abuse insecure software update mechanisms

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *