IT Security Weekend Catch Up – December 24, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Polish opposition duo hacked with NSO spyware + more information
  2. The Worst Hacks of 2021
  3. The Belgian government has removed ‘backdoor requirement’ from new law after international protest
  4. Telehealth take-up: the risks and opportunities (PDF)
  5. Now DuckDuckGo is building its own desktop browser
  6. Google Drive could soon start locking your files
  7. Ubisoft confirms Just Dance data breach amid developer exodus
  8. The NCA shares 585 million passwords with Have I Been Pwned
  9. Meta (Facebook) sues operators of 39,000 phishing sites
  10. After Joker’s Stash shutdown, the market for stolen financial data looks a lot different
  11. 2easy: Logs marketplace on the rise
  12. Dark web marketplace ToRReZ shuts down

For the more technical

  1. Attacks on wireless coexistence: Exploiting cross-technology performance features for inter-chip privilege escalation (PDF)
  2. [VIDEO] Log4j RCE vulnerability explained with bypass for the initial fix
  3. Understanding the impact of Apache Log4j vulnerability
  4. Log4Shell – The call is coming from inside the house
  5. Examining Log4j vulnerabilities in connected cars and charging stations
  6. CISA Log4j Scanner
  7. CrowdStrike launches free targeted Log4j search tool
  8. Where’s the interpreter!? (CVE-2021-30853)
  9. Microsoft Teams: 1 feature, 4 vulnerabilities
  10. Azure App Service Linux source repository exposure
  11. What are attackers after on IoT devices? (PDF)
  12. Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
  13. New Dell BIOS updates cause laptops and desktops not to boot
  14. Faking a positive COVID test
  15. Audio bugging with the Fisher Price Chatter Bluetooth Telephone
  16. Vulnerabilities in metal detector peripheral could allow attackers to manipulate security devices
  17. Spider-miner: With great power comes great problems
  18. New Joker malware detected on Google Play, 500.000+ users affected
  19. Android banking trojan spreads via fake Google Play Store page
  20. Log4j vulnerability now used to install Dridex banking malware
  21. Dridex malware trolls employees with fake job termination emails
  22. The continued evolution of Abcbot
  23. DarkWatchman: A new evolution in fileless techniques
  24. Stealthy BLISTER malware slips in unnoticed on Windows systems
  25. Avos Locker remotely accesses boxes, even running in Safe Mode
  26. Rook ransomware is yet another spawn of the leaked Babuk code

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *