IT Security Weekend Catch Up – December 17, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Google Pixel bug prevented users from calling 911
  2. A South Korean city will test facial recognition as a way to track the virus
  3. Taking action against the surveillance-for-hire industry (PDF)
  4. Russian national sentenced for providing crypting service for Kelihos botnet

For the more technical

  1. Log4Shell log4j vulnerability (CVE-2021-44228 / CVE-2021-45046) – cheat-sheet reference guide
  2. The numbers behind Log4j vulnerability CVE-2021-44228
  3. Ten families of malicious samples are spreading using the Log4j2 vulnerability now
  4. Zero-day critical vulnerability in Log4j2 exploited in the wild
  5. Analysis of novel Khonsari ransomware deployed by the Log4Shell vulnerability
  6. Ransomware advisory: Log4Shell exploitation for initial access & lateral movement
  7. Log4j vulnerability: Attackers shift focus from LDAP to RMI
  8. Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
  9. CVE-2021-42287/CVE-2021-42278 weaponisation
  10. The December 2021 security update review
  11. Microsoft fixes Windows AppX Installer zero-day used by Emotet
  12. A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
  13. HackerOne: Software vulnerabilities increase by 20% in 2021
  14. [VIDEO] mXSS in 2021 – One long solved problem?
  15. The definitive guide to SSH tunneling, port redirection, and bending traffic like a boss (PDF)
  16. Avast finds backdoor on US government commission network
  17. 3 new malicious packages found on PyPI
  18. Conti cyber attack on the HSE (PDF)
  19. Anubis Android malware returns to target 394 financial apps
  20. The dirty dozen of Latin America: From Amavaldo to Zumanek
  21. Staging a quack: Reverse analyzing a fileless QAKBOT stager
  22. PseudoManuscrypt: a mass-scale spyware attack campaign
  23. Phishing campaign targeting Korean to deliver Agent Tesla new variant
  24. APT31: Pakdoor. Technical report (PDF)
  25. Espionage campaign targets telecoms organizations across Middle East and Asia
  26. Nation state threat group targets airline with Aclip backdoor
  27. Tropic Trooper targets transportation and government
  28. Phorpiex botnet returns with new tricks making it harder to disrupt

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *