IT Security Weekend Catch Up – January 19, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. GRU attacks USA, France, Ukraine from servers linked to Bulgaria
  2. What is the Hainan Xiandun Technology Development Company?
  3. Site hosting stolen credentials taken down after international operation
  4. A billion medical images are exposed online, as doctors ignore warnings
  5. New study: The advertising industry is systematically breaking the law
  6. Man hijacks Portland airport monitor to play video games, until PDX officials declare ‘game over’
  7. Kim Dotcom wins back domain after dispute & $100k sell-back offer

For the more technical

  1. Oracle Critical Patch Update Advisory – January 2020
  2. January Patch Tuesday: Update list includes fixes for Internet Explorer, Remote Desktop, cryptographic bugs
  3. CVE-2020-0601: the ChainOfFools/CurveBall attack explained with PoC
  4. Microsoft guidance on scripting engine memory corruption vulnerability
  5. Dutch govt suggests turning off Citrix ADC devices, mitigations may fail
  6. Rough patch: I promise it’ll be 200 OK (Citrix ADC CVE-2019-19781)
  7. Adobe releases their January 2020 security updates
  8. Busting Cisco’s beans: Hardcoding your way to hell
  9. IPAS: Security Advisories for January 2020
  10. Applying a Stuxnet type attack to a Schneider Modicon PLC
  11. Exploit that gives remote access affects ~200 million cable modems (PDF)
  12. More than 600 million users installed Android ‘fleeceware’ apps from the Play Store
  13. Seventeen Android nasties spotted in Google Play, total over 550k downloads
  14. Critical auth bypass vulnerability in InfiniteWP Client and WP Time Capsule
  15. Let’s reverse engineer Discord
  16. United Nations targeted with Emotet malware phishing attack
  17. Stolen emails reflect Emotet’s organic growth
  18. Australia bushfire donors affected by credit card skimming attack
  19. North American electric cyber threat perspective (PDF)
  20. Phishing Burisma Holdings (PDF)
  21. Conversation hijacking
  22. Threats making WAVs – Incident response to a cryptomining attack
  23. Ryuk ransomware uses Wake-on-Lan to encrypt offline devices
  24. Nemty ransomware to start leaking non-paying victim’s data
  25. How to make a Raspberry Pi VPN server
  26. Apple vs. law enforcement: Cloud forensics
  27. Announcing the Kubernetes bug bounty program

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
