Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Estonian intelligence warns about Chinese state-linked Tik Tok big data collection
- Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?
- 200,000 Facebook Marketplace user records leaked on hacking forum
- ExpressVPN leaked DNS requests due to a bug in split tunneling feature
- Warzone RAT infrastructure seized
- FBI disrupts Moobot botnet used by Russian military hackers
- Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
- Father and son who stole wild falcon eggs caught out by DNA testing
For the more technical
- Snap Trap: The hidden dangers within Ubuntu’s package suggestion system
- SmartScreen vulnerability: CVE-2024-21412 facts and fixes
- CVE-2024-21412: Water Hydra targets traders with Microsoft Defender SmartScreen zero-day
- Microsoft February 2024 Patch Tuesday
- The risks of the MonikerLink bug in Microsoft Outlook and the big picture
- Microsoft: New critical Exchange bug exploited as zero-day
- Zoom patches critical privilege elevation flaw in Windows apps
- The real Shim shady – How CVE-2023-40547 impacts most Linux systems
- New vulnerability in QNAP QTS firmware: CVE-2023-50358
- CVE-2023-47218: QNAP QTS and QuTS hero unauthenticated command injection
- Ivanti Connect Secure: Journey to the core of the DSLog backdoor (PDF)
- Patch now! Roundcube mail servers are being actively exploited
- SolarWinds fixes critical RCE bugs in access rights audit solution
- Ongoing malicious campaign impacting Azure cloud environments
- New macOS backdoor written in Rust shows possible link with Windows ransomware group
- HijackLoader expands techniques to improve defense evasion
- New Qbot malware variant uses fake Adobe installer popup for evasion
- The (d)evolution of Pikabot
- Diving into Glupteba’s UEFI bootkit
- MoqHao evolution: New variants start automatically right after installation
- Free Rhysida ransomware decryptor for Windows exploits RNG flaw
- Bumblebee buzzes back in black
- Meta: Countering the surveillance-for-hire industry & influence operations (PDF)
- OpenAI and Microsoft shuts down accounts linked to 5 nation-state hacking groups
- Russian language cybercriminal forums – analyzing the most active and renowned communities
- TinyTurla Next Generation – Turla APT spies on Polish NGOs
- China’s cyber revenge: Why the PRC fails to back its claims of western espionage
- New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
- Tool of first resort: Israel-Hamas war in cyber (PDF)
- Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.