IT Security Weekend Catch Up – January 23, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. How law enforcement gets around your smartphone’s encryption
  2. U.S. schools are buying phone-hacking tech that the FBI uses to investigate terrorists
  3. Malware found on laptops given out by government
  4. Massive blackouts have hit Iran. The government is blaming bitcoin mining
  5. Last Dash for Joker’s Stash: Carding forum may close in 30 days
  6. OpenWRT reports data breach after hacker gained access to forum admin account
  7. Hacker leaks full database of 77 million Nitro PDF user records
  8. UK police warn of sextortion attempts in intimate online dating chats
  9. Hacker posts 1.9 million Pixlr user records for free on forum
  10. Brave browser takes step toward enabling a decentralized web

For the more technical

  1. Write-up of DOMPurify 2.0.0 bypass using mutation XSS
  2. Mutation XSS via namespace confusion – DOMPurify < 2.0.17 bypass
  3. KindleDrip – from your Kindle’s email address to using your credit card
  4. Windows 10 bug crashes your PC when you access this location
  5. Multiple vulnerabilities found in FiberHome HG6245D routers
  6. Take action to secure your QNAP NAS
  7. Microsoft Remote Desktop Protocol (RDP) reflection/amplification DDoS attack mitigation recommendations
  8. DNSpooq – Kaminsky attack is back
  9. New SAP exploit published online
  10. Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
  11. VPNFilter two years later: Routers still compromised
  12. A Chinese hacking group is stealing airline passenger details
  13. Abusing cloud services to fly under the radar
  14. What you should know before leaking a Zoom meeting
  15. IObit forums hacked to spread ransomware to its members
  16. Cyber criminals leave stolen phishing credentials in plain sight
  17. Raindrop: New malware discovered in SolarWinds investigation
  18. Deep dive into the Solorigate second-stage activation: From Sunburst to Teardrop and Raindrop
  19. Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach
  20. Chaining multiple bugs for unauthenticated RCE in the SolarWinds Orion platform
  21. FreakOut – leveraging newest vulnerabilities for creating a botnet
  22. Iranian cyber actors continue to threaten US election officials
  23. New website launched to document vulnerabilities in malware strains
  24. MrbMiner: Cryptojacking to bypass international sanctions

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *