IT Security Weekend Catch Up – December 14, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! newsletter: Messaging / smishing attacks (PDF)
  2. Mozilla and Opera remove Avast extensions from their add-on stores, what will Google do?
  3. Facebook fired a contractor who was paid thousands in bribes to reactivate banned ad accounts
  4. Russian police raid NGINX Moscow office
  5. Two Bayrob cybercrime members sentenced to 20 and 18 years in prison
  6. 460,000 Turkish card details put up for sale, web skimmers suspected
  7. Iran banks burned, then customer accounts were exposed online
  8. PR software firm exposes data on nearly 500k contacts
  9. Ransomware at Colorado IT provider affects 100+ dental offices

For the more technical

  1. The Signal private group system and anonymous credentials supporting efficient verifiable encryption (PDF)
  2. Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
  3. From iPhone to NT AUTHORITY\SYSTEM
  4. Hack could allow Windows 7 to get updates for three more years
  5. Microsoft Patch Tuesday by Morphus Labs
  6. Adobe releases their December 2019 security updates
  7. OpenBSD multiple authentication vulnerabilities
  8. Chrome releases: Stable channel update for desktop
  9. VMware addresses ESXi issue disclosed at the Tianfu Cup hacking competition
  10. Binary planting with the npm CLI
  11. AirDoS: Remotely render any nearby iPhone or iPad unusable
  12. Intel’s SGX coughs up crypto keys when scientists tweak CPU voltage (PDF)
  13. KeyWe Smart Lock unauthorized access and traffic interception
  14. Blink XT2 camera system command injection flaws
  15. How hackers are breaking into Ring cameras
  16. Story of the year 2019: Cities under ransomware siege
  17. Ryuk Ransomware decryptor damages larger files, even if you pay
  18. Zeppelin: Russian ransomware targets high profile users in the U.S. and Europe
  19. Snatch ransomware reboots PCs into Safe Mode to bypass protection
  20. The quiet evolution of phishing
  21. Phishing campaign uses malicious Office 365 app
  22. A successful BEC leveraging lookalike domains
  23. From a TrickBot infection to the discovery of the Anchor malware
  24. How the TrickBot group united high-tech crimeware & APT
  25. GALLIUM: Targeting global telecom
  26. Waterbear is back, uses API hooking to evade security product detection

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *