IT Security Weekend Catch Up – February 8, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

Looking for sponsors

Over 3 years of weekly delivery of fresh IT security news, thousands of links and happy readers. You can become part of IT Security Weekly Catch Up by becoming a sponsor. Interested? Get in touch at badcybercom[at]gmail.com (and please, no VPNs/crypto/poker etc.)

For the less technical

  1. Apple engineers have a proposal to standardize two-factor authentication messages, and Google is on board
  2. Protecting SMS messages used in critical business processes
  3. Indian airline breach impacts 1.2m passengers
  4. AdultFriendFinder network hack exposes 412 million accounts
  5. Researchers found a list of Electronic Arts’ Slack channels
  6. Dutch university paid $220,000 ransom to hackers after Christmas attack
  7. Sodinokibi ransomware threatens to publish data of Automotive Group
  8. China, desperate to stop coronavirus, turns neighbor against neighbor
  9. Facebook’s ‘Clear History’ tool doesn’t clear shit
  10. I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets
  11. Some Google Photos videos in ‘Takeout’ backups were sent to strangers last November

For the more technical

  1. Direct memory access attacks – a walk down memory lane
  2. Cisco patches critical CDP flaws affecting millions of devices (PDF)
  3. LPE and RCE in OpenSMTPD (CVE-2020-7247)
  4. Remote cloud execution – critical vulnerabilities in Azure cloud infrastructure – part I & II
  5. Leaked code from Docker Registries
  6. Critical security flaw found in WhatsApp desktop platform allowing cybercriminals read from the file system access
  7. A critical flaw in Trezor hardware wallets
  8. Critical Bluetooth vulnerability in Android (CVE-2020-0022) – BlueFrag
  9. Android Security Bulletin – February 2020
  10. The dark side of smart lighting
  11. Full disclosure: 0day vulnerability (backdoor) in firmware for HiSilicon-based DVRs, NVRs and IP cameras
  12. A critical vulnerability in TeamViewer
  13. Dropbox bug bounty program has paid out over $1,000,000
  14. Genesis market 2020 overview, a bazaar for buying data out of compromised computers
  15. Forging SWIFT MT Payment Messages for fun and pr… research
  16. Linear eMerge E3 access controller actively being exploited
  17. Windows app runs on Mac, downloads info stealer and adware
  18. Malicious optimizer and utility Android apps on Google Play communicate with trojans that install malware, perform mobile ad fraud
  19. STOMP 2 DIS: Brilliance in the (Visual) Basics
  20. Mysterious new ransomware targets industrial control systems
  21. Ransomware borrows vulnerable driver to remove security software
  22. New EmoCheck tool checks if you’re infected with Emotet
  23. Winnti Group targeting universities in Hong Kong
  24. Reverse engineering my router’s firmware with binwalk
  25. Kali Linux 2020.1 release
  26. Deanonymizing Tor circuits
  27. Apple vs law enforcement: Cloudy times
  28. Protecting users from insecure downloads in Google Chrome

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
