IT Security Weekend Catch Up – December 5, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Google illegally spied on workers before firing them, US labor board alleges
  2. DHS plans to start collecting eye scans and DNA — with the help of defense contractors
  3. Hacker collective member who made online threats against schools and airline sentenced to nearly 8 years in federal prison
  4. California hacker who stole proprietary information from Nintendo sentenced to three years in prison
  5. Ransomware attack cripples Vancouver public transportation agency
  6. CBS Last.fm fixes admin password leakage via Symfony profiler

For the more technical

  1. Vulnerability in Google Play Core Library remains unpatched in Google Play applications
  2. An iOS zero-click radio proximity exploit odyssey
  3. Bug or feature: Privilege escalation in Windows Autopilot
  4. GitHub: Securing the world’s software (PDF)
  5. Industry’s first dynamic analysis of 4 million publicly available Docker hub container images (PDF)
  6. Blackrota, a heavily obfuscated backdoor written in Go
  7. Remote code execution on Basecamp.com
  8. There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
  9. Etherify 3 – the PI 4’s dirty little secret
  10. Etherify 4 – back to earth with “normal” ethernet hardware
  11. Forensically sound cold system analysis
  12. ESET’s Cybersecurity Trends 2021 (PDF)
  13. The chronicles of Emotet
  14. German users targeted with Gootkit banker or REvil ransomware
  15. Turla Crutch: Keeping the “back door” open
  16. Bandook: Signed & delivered
  17. TrickBot now offers ‘TrickBoot’: Persist, brick, profit
  18. What did DeathStalker hide between two ferns?
  19. Evilginx-ing into the cloud: How we detected a red team attack in AWS
  20. DarkIRC bot exploits recent Oracle WebLogic vulnerability
  21. Global phishing campaign targeting the COVID-19 vaccine cold chain
  22. Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
  23. APT annual review: What the world’s threat actors got up to in 2020
  24. Uncovering the clients of cyberespionage firm Circles
  25. Dox, steal, reveal. Where does your personal data end up?
  26. Covid is causing shipping issues, but natural competitive forces are causing darknet market consolidatio
  27. Deep dive into an obfuscation-as-a-service for Android malware
  28. Payment skimmer hides in social media buttons

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *