IT Security Weekend Catch Up – February 13, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. CD Projekt Red source code reportedly sells for millions in dark Web auction
  2. Yandex suffers data breach after sysadmin sold access to user emails
  3. Largest commercial bank in Ukraine has 40 million user records sold online
  4. More than 100 financial services firms hit with DDoS extortion attacks
  5. Emsisoft: Incident report
  6. That Slack email you just got asking to reset your password is legit, not a scam
  7. $1 million is just the beginning: Q4 2020 in network access sales
  8. Feds traced Bitcoin transactions to a drug dealer’s apartment
  9. Ten hackers arrested for string of SIM-swapping attacks against celebrities
  10. How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

For the more technical

  1. NUMBER:JACK – Forescout research labs finds nine ISN generation vulnerabilities affecting TCP/IP stacks
  2. Multiple security updates affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086
  3. Microsoft February 2021 Patch Tuesday
  4. Internet Explorer 11 zero-day vulnerability gets a free micropatch
  5. Google Chrome vulnerability: CVE-2021-21117
  6. The Great Suspender Chrome extension’s fall from grace
  7. Launching OSV – Better vulnerability triage for open source
  8. Apple puts additional walls between your browsing data and Google on iOS 14.5
  9. Hacking Chess.com and accessing 50 million customer records
  10. New research reveals who’s targeted by email attacks
  11. New phishing attack uses Morse code to hide malicious URLs
  12. What’s most interesting about the Florida water system hack? That we heard about it at all
  13. Supercookie uses favicons to assign a unique identifier to website visitors
  14. How I hacked into Apple, Microsoft and dozens of other companies
  15. Sonatype spots 150+ malicious npm packages copying recent software supply chain attacks that hit 35 organizations
  16. Web shell attacks continue to rise
  17. PyPI, GitLab dealing with spam attacks
  18. Discord CDN: A popular choice for hosting malicious payloads
  19. Breached water plant employees used the same TeamViewer password and no firewall
  20. Domestic Kitten – An inside look at the Iranian surveillance operations
  21. ScreenConnect remote access tool utilizing Ministry of Foreign affairs-themed EXEs and URLs
  22. Reverse engineering Emotet

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *