IT Security Weekend Catch Up – August 9, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Silicon Valley’s vast data collection should worry you more than TikTok
  2. Google ‘accidentally’ enabled smart speakers to listen passive sounds
  3. Privacy problems are widespread for Alexa and Google Assistant voice apps, according to researchers
  4. Google just revealed how many people use its Privacy Checkup tool. It’s not good news
  5. Australian QR codes used for COVID-19 contact tracing redirect to websites that will disclose your personal information to adv companies
  6. How cops can secretly track your phone
  7. DHS had access to messages from Portland protesters, document shows
  8. China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI
  9. Have I Been Pwned’s code base will be open sourced
  10. Intel investigating breach after 20GB of internal documents leak online
  11. Bulgarian police arrest hacker Instakilla
  12. GandCrab ransomware operator arrested in Belarus
  13. Garmin received decryptor for WastedLocker ransomware
  14. Ransomware gang publishes tens of GBs of internal data from LG and Xerox
  15. Canon confirms ransomware attack in internal memo

For the more technical

  1. Black Hat USA 2020 – materials
  2. TikTok: Logs, logs, logs
  3. Windows 10: HOSTS file blocking telemetry is now flagged as a risk
  4. Microsoft Teams Updater living off the land
  5. EtherOops – bypassing firewalls and NATs by exploiting packet-in-packet attacks in Ethernet (PDF)
  6. New ‘unpatchable’ exploit allegedly found on Apple’s Secure Enclave chip, here’s what it could mean
  7. Vulnerability in new TouchID feature put iCloud accounts at risk of being breached
  8. Over 400 vulnerabilities on Qualcomm’s Snapdragon chip threaten mobile phones’ usability worldwide
  9. If you own one of these 45 Netgear devices, replace it: Kit maker won’t patch vulnerable gear despite live proof-of-concept code
  10. Researcher demos hacking of 3D printer firmware that can trigger a fire
  11. Mirai botnet exploit weaponized to attack IoT devices via CVE-2020-5902
  12. Hacker leaks passwords for 900+ enterprise VPN servers
  13. Cybersecurity vulnerability at major cosmetics brand leads to 7 gigabytes+ data leak
  14. Privilege escalation on enabled redirection of payments
  15. How malicious Tor relays are exploiting users in 2020
  16. Chinese hackers have pillaged Taiwan’s semiconductor industry
  17. Baking and boiling botnets could drive energy market swings and damage
  18. Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)
  19. Take a “NetWalk” on the wild side
  20. WastedLocker’s techniques point to a familiar heritage
  21. Inter skimming kit used in homoglyph attacks
  22. Over 80 million users scammed by Chrome fake ad blockers
  23. Hacking the traffic light of the future

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *