IT Security Weekend Catch Up – January 25, 2025

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Russian ransomware hackers increasingly posing as tech support on Microsoft Teams
  2. Otelier data breach exposes info, hotel reservations of millions
  3. HPE investigates breach as hacker claims to steal source code
  4. Trump pardons Silk Road founder Ross Ulbricht for online drug scheme
  5. Court rules FBI’s warrantless searches violated Fourth Amendment

For the more technical

  1. Oracle critical patch update advisory – January 2025
  2. Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
  3. VeraCrypt: update drops 32-bit support on Windows and fixes several security issues
  4. Windows BitLocker – screwed without a screwdriver
  5. Cisco Meeting Management REST API privilege escalation vulnerability
  6. 7-Zip Mark-of-the-Web bypass vulnerability
  7. Hacking Subaru: Tracking and controlling cars via the Starlink admin panel
  8. EtherHiding and ClickFix: new mask of social engineering campaign
  9. Malicious extensions circumvent Google’s remote code ban
  10. Fake Homebrew Google ads target Mac users with malware
  11. 2024 macOS malware review: Infostealers, backdoors, and APT campaigns targeting the enterprise
  12. Malicious PyPI package ‘pycord-self’ targets Discord developers with token theft and backdoor exploit
  13. Targeted supply chain attack against Chrome browser extensions
  14. A beginner(s) guide to hunting web-based credit card skimmers
  15. No honour among thieves: Uncovering a trojanized XWorm RAT builder propagated by threat actors and disrupting its operations
  16. Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4
  17. Mass campaign of Murdoc botnet Mirai: A new variant of Corona Mirai
  18. Akira ransomware: A shifting force in the RaaS domain
  19. HellCat and Morpheus: Two brands, one payload as ransomware affiliates drop identical code
  20. The new face of ransomware: Key players and emerging tactics of 2024
  21. Android malware in DoNot APT operations
  22. How hackers use PHP backdoors and GSocket to facilitate illegal gambling in Indonesia
  23. New Star Blizzard spear-phishing campaign targets WhatsApp accounts
  24. Researchers say new attack could take down the European power grid
  25. PlushDaemon compromises supply chain of Korean VPN service
  26. InvisibleFerret malware: Technical analysis
  27. Quick overview of Babyshark campaign disguise as defense-themed HWP document, involving the Kimsuky APT group
  28. Unveiling Silent Lynx APT targeting entities across Kyrgyzstan & neighbouring nations

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *