IT Security Weekend Catch Up – December 11, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Telegram: Sign up without a SIM card
  2. Apple advances user security with powerful new data protections
  3. Android app with over 5m downloads leaked user browsing history
  4. Cops can extract data from 10,000 different car models’ infotainment systems
  5. French hospital cancels operations after cyberattack
  6. US Health Dept warns of Royal Ransomware targeting healthcare (PDF)
  7. Amnesty International Canada target of sophisticated cyber-attack linked to China

For the more technical

  1. Building a virtual machine inside ChatGPT
  2. TryHackMe: Advent of Cyber 2022
  3. Critical vulnerability (CVE-2021-35587) in Oracle Fusion Middleware now exploited
  4. Netgear router network misconfiguration
  5. Hackers hijack Linux devices using PRoot isolated filesystems
  6. Pwn2Own Toronto 2022 – Day One Results, Day Two Results, Day Three Results, Day Four Results and Master of Pwn
  7. Supply chain vulnerabilities put server ecosystem at risk
  8. COVID-bit: Keep a distance of (at least) 2m from my air-gap computer
  9. Main phishing and scamming trends and techniques
  10. Keys to the kingdom: How compromised corporate emails have become the most attractive attack vector for cybercriminals (PDF)
  11. Cybercriminal market in Telegram
  12. “In The Box” – mobile malware webinjects marketplace
  13. The scammers who scam scammers on cybercrime forums: Part 1
  14. Purpose built criminal proxy services and the malicious activity they enable
  15. Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers
  16. Technical analysis of DanaBot obfuscation techniques
  17. The story of a ransomware turning into an accidental wiper
  18. New ransomware disrupting transportation and logistics industry in Israel
  19. Blowing Cobalt Strike out of the water with memory analysis
  20. Zerobot – new Go-based botnet campaign targets multiple vulnerabilities
  21. Vice Society: Profiling a persistent threat to the education sector
  22. DEV-0139 launches targeted attacks against the cryptocurrency industry
  23. ₿uyer ₿eware: Fake cryptocurrency applications serving as front for AppleJeus malware
  24. Internet Explorer 0-day exploited by North Korean actor APT37
  25. New MuddyWater threat: Old kitten; new tricks
  26. Mustang Panda uses the Russian-Ukrainian war to attack Europe and Asia Pacific targets
  27. Exposing TAG-53’s credential harvesting infrastructure used for Russia-aligned espionage operations
  28. Russia compromises major UK and US organisations to attack Ukraine
  29. BackdoorDiplomacy wields new tools in fresh Middle East campaign
  30. Iran: State-backed hacking of activists, journalists, politicians

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *