IT Security Weekend Catch Up – February 29, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

Looking for sponsors

Over 3 year of weekly delivery of fresh IT security news, thousands of links and happy readers. You can become part of IT Security Weekly Catch Up by becoming a sponsor. Interested? Get in touch at badcybercom[at] (and please, no VPNs/crypto/poker etc.)

For the less technical

  1. Brave Browser and the Wayback Machine: Working together to help make the Web more useful and reliable
  2. Cyber attack on PM’s office, state bodies attributed to foreign spies
  3. Australian banks targeted by DDoS extortionists
  4. Former Microsoft software engineer convicted of 18 federal felonies for stealing more than $10 million in digital value such as gift cards
  5. Clearview’s facial recognition app has been used by the Justice Department, ICE, Macy’s, Walmart, and the NBA
  6. Wearing a mask won’t stop facial recognition anymore

For the more technical

  1. LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
  2. CVE-2020-0688: Remote code execution on Microsoft Exchange Server through fixed cryptographic keys
  3. KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices (PDF)
  4. Multiple vulnerabilities in Moxa AWK-3131A
  5. Zyxel fixes 0day in network storage devices + more information
  6. Ghostcat – a high-risk file read / include vulnerability in Tomcat
  7. A close look at 100+ patched vulnerabilities
  8. Google patches Chrome zero-day under active attacks
  9. We found 6 critical PayPal vulnerabilities – and PayPal punished us for it
  10. PayPal accounts are getting abused en-masse for unauthorized payments
  11. Active attack on recently patched Duplicator plugin vulnerability affects over 1 million sites
  12. Global sporting goods giant leaks Spanish employees’ data & more
  13. Precise location information leaking through system pasteboard
  14. Report identifies the most dangerous mobile app store on the internet
  15. Mobile malware evolution 2019
  16. (Ab)using bash-fu to analyze recent Aggah sample
  17. The Dever ransomware experience
  18. Sodinokibi ransomware may tip NASDAQ on attacks to hurt stock prices
  19. Raccoon: The story of a typical infostealer
  20. ‘Cloud Snooper’ attack bypasses firewall security measures
  21. 2020 – Year of the RAT
  22. Roaming Mantis: Distributed in 2019 using SMiShing and enhanced anti-researcher techniques
  23. Profiling of TA505 threat group
  24. Exploring the Genesis supply chain for fun and profit
  25. Fixing memory leaks in web applications
  26. From 0 to 1337. brief security analysis of a large service provider
  27. Determine a Facebook user from an email address
  28. DigiCert: Position on 1-year certificates
  29. Defeating a laptop’s BIOS password
  30. How to defend yourself against browser fingerprinting
  31. Smart vacuum security flaws may leave users exposed

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *