IT Security Weekend Catch Up – December 12, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Philly hunger relief group Philabundance lost nearly $1 million in cyberattack
  2. Shirbit hackers release more data as company refuses to pay ransom
  3. Payment processing giant TSYS: Ransomware incident “immaterial” to company
  4. Ransomware forces hosting provider Netgain to take down data centers
  5. Ransomware gangs are now cold-calling victims if they restore from backups without paying
  6. Pfizer/BioNTech vaccine docs hacked from European Medicines Agency + Statement regarding cyber attack on European Medicines Agency
  7. Hackers leak data from Embraer, world’s third-largest airplane maker
  8. Hackers are selling more than 85,000 MySQL databases on a dark web portal
  9. More than 20,000 arrests in year-long global crackdown on phone and Internet scams
  10. Kazakhstan government is intercepting HTTPS traffic in its capital
  11. New cross-border online terrorist content rules sparks rights concerns
  12. New York City Council votes to prohibit businesses from using facial recognition without public notice
  13. Endangered Firefox: The state of Mozilla
  14. Manifest V3 now available on M88 Beta
  15. Google and Apple are banning technology for sharing users’ location data

For the more technical

  1. December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
  2. PsExec local privilege escalation + PoC
  3. Android Security Bulletin – December 2020
  4. “Important, Spoofing” – zero-click, wormable, cross-platform remote code execution in Microsoft Teams
  5. CVE-2020-17049: Kerberos Bronze Bit attack – theory & practical exploitation
  6. OpenSSL Security Advisory: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
  7. Vulnerability in GE LightSpeed, Revolution, and other CT, MRI, and X-Ray imaging systems
  8. Russian state-sponsored malicious cyber actors exploit known vulnerability in virtual workspaces (PDF)
  9. Pwnie Awards 2020 winners include Zerologon, CurveBall, Checkm8, BraveStarr attacks
  10. Depix – a tool for recovering passwords from pixelized screenshots
  11. Oblivious DNS over HTTPS (ODoH): A practical privacy enhancement to DNS (PDF)
  12. WAF evasion techniques
  13. Etherify 5 – switching the switches
  14. Tactics, techniques and procedures (TTPs) utilized by FireEye’s Red Team tools
  15. Evading link scanning security services with passive fingerprinting
  16. Hackers hide web skimmer inside a website’s CSS files
  17. Facebook: Taking action against hackers in Bangladesh and Vietnam
  18. Operation StealthyTrident: corporate software under attack
  19. Cyber actors target K-12 distance learning education to cause disruptions and steal data (PDF)
  20. Qbot malware switched to stealthy new Windows autostart method
  21. Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
  22. njRAT spreading through active Pastebin command and control tunnel

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *