IT Security Weekend Catch Up – December 26, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. China used stolen data to expose CIA operatives in Africa and Europe
  2. Leonardo hack targeted military plane details, arrest warrant shows
  3. Hacker earns $2 million in bug bounties on HackerOne
  4. Firefox to ship ‘network partitioning’ as a new anti-tracking defense
  5. Madonna reacts to Instagram’s new Terms of Use – what are the updated policies?
  6. BMW will publicly shame out-of-warranty drivers with smart billboards and license plate readers
  7. Europol and the European Commission inaugurate new decryption platform to tackle the challenge of encrypted material for law enforcement investigations
  8. The FBI is secretly breaking into encrypted devices. We’re suing
  9. Cybercriminals’ favourite VPN taken down in global action + more information
  10. Nintendo conducted invasive surveillance operation against Homebrew hacker
  11. Crypto exchange EXMO hacked, appears to have lost $10.5 million worth of funds
  12. Physical addresses of 270K Ledger owners leaked on hacker forum

For the more technical

  1. Authentication bypass vulnerability in Bouncy Castle
  2. Google reported that Microsoft failed to fix a Windows zero-day flaw + more information
  3. Cross layer attacks and how to use them (PDF)
  4. This is how I was able to view anyone’s private email and birthday on Instagram
  5. Potentially ongoing worldwide UDP:443 (EDT) DDoS amplify attack against Citrix (NetScaler) Gateway
  6. Citrix devices are being abused as DDoS attack vectors
  7. QNAP fixes high severity QTS, QES, and QuTS hero vulnerabilities
  8. Sniff, there leaks my BitLocker key
  9. Journalists hacked with suspected NSO Group iMessage ‘zero-click’ exploit
  10. Counting broken links: A Quant’s view of software supply chain security (PDF)
  11. Software supply chain compromises – a living dataset
  12. Sunburst: connecting the dots in the DNS requests
  13. Partial lists of organizations infected with Sunburst malware released online
  14. SUPERNOVA: A novel .NET webshell + more information
  15. Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack
  16. Qualys Security Advisory: SolarWinds / FireEye
  17. Lazarus covets COVID-19-related intelligence
  18. Pay2Kitten – Fox Kitten 2
  19. Everything but the kitchen sink: more attacks from the Gitpaste-12 worm
  20. New Dark Web pricing analysis from Flashpoint

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *