IT Security Weekend Catch Up – January 25, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

Looking for sponsors

Over 3 years of weekly delivery of fresh IT security news, thousands of links and happy readers. You can become part of IT Security Weekly Catch Up by becoming a sponsor. Interested? Get in touch at badcybercom[at]gmail.com (and please, no VPNs/crypto/poker etc.)

For the less technical

  1. Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
  2. Study says Grindr, OkCupid, and Tinder breach GDPR
  3. PolicyLint: Investigating internal privacy policy contradictions on Google Play (PDF)
  4. Mitsubishi Electric discloses information leak
  5. Russian national pleads guilty to running online criminal marketplace
  6. Glenn Greenwald charged with cybercrimes in Brazil
  7. Top Secret documents show Cyber Command’s growing pains in its mission against ISIS
  8. Revealed: the Saudi heir and the alleged plot to undermine Jeff Bezos
  9. Ubisoft sues operators of four DDoS-for-hire services
  10. What are deepfakes – and how can you spot them?
  11. Apple dropped plan for encrypting backups after FBI complained
  12. Apple Transparency Report: Government and private party requests (PDF)

For the more technical

  1. Citrix patches CVE-2019-19781 flaw in ADC, Gateway and SD-WAN WANOP
  2. FireEye and Citrix tool scans for indicators of compromise related to CVE-2019-19781
  3. RDP to RCE: When fragmentation goes wrong
  4. Micropatching a workaround for CVE-2020-0674
  5. Easily exploitable vulnerabilities patched in WP Database Reset plugin
  6. “Like” at your own risk
  7. Netgear signed TLS cert private key disclosure
  8. Fortinet FortiSIEM hardcoded SSH key
  9. Live cyber threat maps:
  10. Muhstik botnet attacks Tomato routers to harvest new IoT devices
  11. Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus
  12. Fake company, real threats
  13. Inside the world’s highest-stakes industrial hacking contest
  14. Ryuk ransomware hit multiple oil & gas facilities, ICS security expert says
  15. EFS ransomware
  16. WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
  17. Shlayer trojan attacks one in ten macOS users
  18. Yet another [almost] non-removable trojan for Android
  19. 250 million Microsoft customer service and support records exposed on the web
  20. Cannabis users’ sensitive data exposed in data breach
  21. LastPass is in the midst of a major outage
  22. A comprehensive guide on securing your system, archives and documents
  23. OWASP API Security Top 10 2019 (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
