IT Security Weekend Catch Up – February 6, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Ransomware payments fall as fewer companies pay data exfiltration extortion demands
  2. FonixCrypter ransomware gang releases master decryption key
  3. Security firm Stormshield discloses data breach, theft of source code
  4. Inside the ‘propaganda kitchen’ – a former Russian ‘troll factory’ employee speaks out
  5. Largest compilation of emails and passwords leaked for free on public forum
  6. Database leak exposes CPF of almost the entire population of Brazil
  7. Mobile phishing attacks are scary and on the rise: 85% are outside of email
  8. A spyware vendor seemingly made a fake WhatsApp to hack targets
  9. Amazon plans to install always-on surveillance cameras in its delivery vehicles
  10. Spotify patents technology to recommend songs based on the speech, emotion of users
  11. Google Play has blocked distribution of Element Matrix client
  12. Instagram unmasks high profile ‘OG’ account stealers, threatens to sue
  13. Why $500k donation to right-wing causes does not signify return of ‘Bitcoin Fairy’

For the more technical

  1. Déjà vu-lnerability: A year in review of 0-days exploited in-the-wild in 2020
  2. Vulnerability Reward Program: 2020 year in review
  3. Stealing your private YouTube videos, one frame at a time
  4. The embedded YouTube player told me what you were watching (and more)
  5. Multiple vulnerabilities in WordPress plugin Popup Builder
  6. SonicWall zero-day exploited in the wild
  7. Heap buffer overflow in libgcrypt
  8. Secure messaging apps comparison
  9. BugBountyHunting search engine
  10. Attacking OSS using abandoned resources
  11. NAS forensics: Synology, ASUSTOR, QNAP, TerraMaster and Thecus encryption compared
  12. How secure are webinar platforms? In-house research
  13. domain stolen, now using IP address tied to malware
  14. Malvertising: Made in China
  15. The Nemty affiliate model
  16. Interview with a LockBit ransomware operator (PDF)
  17. Ransomware gangs are abusing VMWare ESXi exploits to encrypt virtual hard disks
  18. Credit card skimmer piggybacks on Magento 1 hacking spree
  19. Trickbot masrv module
  20. Pro-Ocean: Rocke group’s new cryptojacking malware
  21. Operation NightScout: Supply‑chain attack targets online gaming in Asia
  22. Barcode Scanner app on Google Play infects 10 million users with one update
  23. Tricksy Linux malware goes after HPCs (PDF)
  24. New threat: Matryosh botnet is spreading
  25. Suspected Russian hack extends far beyond SolarWinds software, investigators say
  26. Plex Media SSDP (PMSSDP) reflection/amplification DDoS attack mitigation recommendations

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *