Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Ransomware payments fall as fewer companies pay data exfiltration extortion demands
- FonixCrypter ransomware gang releases master decryption key
- Security firm Stormshield discloses data breach, theft of source code
- Inside the ‘propaganda kitchen’ – a former Russian ‘troll factory’ employee speaks out
- Largest compilation of emails and passwords leaked for free on public forum
- Database leak exposes CPF of almost the entire population of Brazil
- Mobile phishing attacks are scary and on the rise: 85% are outside of email
- A spyware vendor seemingly made a fake WhatsApp to hack targets
- Amazon plans to install always-on surveillance cameras in its delivery vehicles
- Spotify patents technology to recommend songs based on the speech, emotion of users
- Google Play has blocked distribution of Element Matrix client
- Instagram unmasks high profile ‘OG’ account stealers, threatens to sue
- Why $500k donation to right-wing causes does not signify return of ‘Bitcoin Fairy’
For the more technical
- Déjà vu-lnerability: A year in review of 0-days exploited in-the-wild in 2020
- Vulnerability Reward Program: 2020 year in review
- Stealing your private YouTube videos, one frame at a time
- The embedded YouTube player told me what you were watching (and more)
- Multiple vulnerabilities in WordPress plugin Popup Builder
- SonicWall zero-day exploited in the wild
- Heap buffer overflow in libgcrypt
- Secure messaging apps comparison
- BugBountyHunting search engine
- Attacking OSS using abandoned resources
- NAS forensics: Synology, ASUSTOR, QNAP, TerraMaster and Thecus encryption compared
- How secure are webinar platforms? In-house research
- Perl.com domain stolen, now using IP address tied to malware
- Malvertising: Made in China
- The Nemty affiliate model
- Interview with a LockBit ransomware operator (PDF)
- Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks
- Credit card skimmer piggybacks on Magento 1 hacking spree
- Trickbot masrv module
- Pro-Ocean: Rocke group’s new cryptojacking malware
- Operation NightScout: Supply‑chain attack targets online gaming in Asia
- Barcode Scanner app on Google Play infects 10 million users with one update
- Tricksy Linux malware goes after HPCs (PDF)
- New threat: Matryosh botnet is spreading
- Suspected Russian hack extends far beyond SolarWinds software, investigators say
- Plex Media SSDP (PMSSDP) reflection/amplification DDoS attack mitigation recommendations