IT Security Weekend Catch Up – December 17, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Play ransomware claims attack on Belgium city of Antwerp
  2. Hackers leak personal info allegedly stolen from 5.7M Gemini users
  3. Uber suffers new data breach after attack on vendor, info leaked online
  4. FBI’s vetted info sharing network ‘InfraGard’ hacked
  5. Federal prosecutors in Los Angeles and Alaska charge 6 defendants with operating websites that offered computer attack services
  6. SEC charges Samuel Bankman-Fried with defrauding investors in crypto asset trading platform FTX
  7. TikTok is a national security risk, not a privacy one

For the more technical

  1. FortiOS – heap-based buffer overflow in sslvpnd
  2. Microsoft December 2022 Patch Tuesday
  3. Critical remote code execution vulnerability in SPNEGO Extended Negotiation Security Mechanism
  4. About the security content of iOS 16.2 and iPadOS 16.2
  5. Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential unauthorized database access
  6. Cool vulns don’t live long – Netgear and Pwn2Own
  7. APT5: Citrix ADC threat hunting guidance (PDF)
  8. Abusing JSON-based SQL to bypass WAF
  9. NIST retires SHA-1 cryptographic algorithm
  10. ESF potential threats to 5G network slicing (PDF)
  11. Announcing OSV-Scanner: Vulnerability scanner for open source
  12. How 140k NuGet, NPM, and PyPi packages were used to spreadphishing links
  13. Multiple zero-day vulnerabilities in leading Endpoint Detection and Response (EDR) and antivirus (AV) solutions
  14. Signed driver malware moves up the software trust chain
  15. Pulling the curtains on Azov Ransomware: Not a skidsware but polymorphic wiper
  16. Breaking the silence – Recent Truebot activity
  17. MoneyMonger: Predatory loan scam campaigns move to flutter
  18. MCCrash: Cross-platform DDoS botnet targets private Minecraft servers
  19. GoTrim: Go-based botnet actively brute forces WordPress websites

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *