IT Security Weekend Catch Up – December 31, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. The global version of Steam appears to be banned in China
  2. Samsung’s Galaxy Store is distributing apps that could infect phones with malware
  3. Fintech firm hit by Log4j hack refuses to pay $5 million ransom
  4. Cyberattack on one of Norway’s largest media companies shuts down presses
  5. Ransomware gang coughs up decryptor after realizing they hit the police
  6. LastPass users warned their master passwords are compromised
  7. US logistics company exposes Fortune 500 clients
  8. University loses 77TB of research data due to backup error
  9. [VIDEO] 2021 in review: The biggest cybersecurity stories of the year
  10. Russian national extradited for role in hacking and illegal trading scheme

For the more technical

  1. Log4j 2.17.1 out now, fixes new remote code execution bug
  2. Implant.ARM.iLOBleed.a – technical abstract (PDF)
  3. Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems
  4. Firmware attack can drop persistent malware in hidden SSD area (PDF)
  5. QNAP NAS devices hit in surge of ech0raix ransomware attacks
  6. Redline Stealer targeting accounts saved to web browser with automatic login feature included
  7. T‑Mobile releases 2021 scam and robocall report
  8. Phishing in organizations: Findings from a large-scale and long-term study (PDF)
  9. The day when the AWS Support got access to your S3 data
  10. Double authentication is not as effective as it used to be, beware of hackers (PDF)
  11. Cyberattacks shut down building automation systems
  12. Strategically aged domain detection: Capture APT attacks with DNS traffic trends
  13. OverWatch exposes AQUATIC PANDA in possession of Log4Shell exploit tools during hands-on intrusion attempt
  14. Flagpro: The new malware used by BlackTech
  15. A deep dive into DoubleFeature, Equation Group’s post-exploitation dashboard
  16. Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *