IT Security Weekend Catch Up – December 27, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. US judge finds Israel’s NSO Group liable for hacking in WhatsApp lawsuit
  2. Ireland fines Meta $264 million over 2018 Facebook data breach
  3. WIRED: The worst hacks of 2024
  4. Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
  5. European Space Agency’s official store hacked to steal payment cards
  6. US adds 9th telecom company to list of known Salt Typhoon targets
  7. FBI links North Korean hackers to $308 million crypto heist
  8. Japan Airlines resumes operations after cyberattack delays flights
  9. Rydox cybercrime marketplace shut down and three administrators arrested
  10. US seeks extradition of alleged LockBit ransomware developer from Israel
  11. Google fights back: proposes to limit default search agreements, wants to avoid selling Chrome

For the more technical

  1. Apache fixed a critical SQL Injection in Apache Traffic Control
  2. Resolved multiple vulnerabilities in Sophos Firewall
  3. Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
  4. Adobe warns of critical ColdFusion bug with PoC exploit code
  5. Kali Linux 2024.4 release (Python 3.12, goodbye i386, Raspberry Pi Imager & Kali NetHunter)
  6. Now you see me, now you don’t: Using LLMs to obfuscate malicious JavaScript
  7. Best-of-N jailbreaking (PDF)
  8. Analyzing malicious intent in Python code: A case study
  9. npm packages from Rspack, Vant compromised
  10. Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials
  11. Multiple critical vulnerabilities patched in WPLMS and VibeBP plugins
  12. DigiEver fix that IoT thing
  13. Badbox botnet is back
  14. DrayTek routers exploited in massive ransomware campaign: Analysis and recommendations
  15. HiatusRAT actors targeting web cameras and DVRs
  16. Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
  17. “DeceptionAds” — fake captcha driving infostealer infections and a glimpse to the dark side of Internet advertising
  18. Python-based NodeStealer version targets Facebook Ads Manager
  19. ESET Threat Report H2 2024

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
