IT Security Weekend Catch Up – January 3, 2025

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] Relive: We’ve not been trained for this: life after the Newag DRM disclosure
  2. The biggest cybersecurity and cyberattack stories of 2024
  3. These were the badly handled data breaches of 2024
  4. Customer data from 800,000 electric cars and owners exposed online
  5. Chinese hackers breach US treasury network, gain access to some files
  6. Treasury sanctions technology company for support to malicious cyber group
  7. U.S. Army soldier arrested in AT&T, Verizon extortions
  8. Over 3.1 million fake “stars” on GitHub projects used to boost rankings
  9. Siri “unintentionally” recorded private convos; Apple agrees to pay $95M
  10. So, Bluesky has an extortion problem
  11. The UN finally advances a convention on cybercrime . . . and no one is happy about it

For the more technical

  1. LDAPNightmare: SafeBreach Labs publishes first proof-of-concept exploit for CVE-2024-49113
  2. Four-Faith industrial router CVE-2024-12856 exploited in the wild
  3. On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE
  4. Preliminary analysis of the recent malicious Chrome extension
  5. New details reveal how hackers hijacked 35 Google Chrome extensions + more information
  6. Recovering WPA-3 network password by bypassing the simultaneous authentication of equals handshake using social engineering captive portal (PDF)
  7. Over 3 million mail servers without encryption exposed to sniffing attacks
  8. DoubleClickjacking: A new era of UI redressing
  9. Botnets continue to target aging D-Link vulnerabilities
  10. NotLockBit: A deep dive into the new ransomware threat
  11. Breaking the chain: A signature verification bypass in Nuclei, the popular vulnerability scanner (CVE-2024-43405)
  12. Is Monero totally private? A comprehensive analysis of de-anonymization attacks against the privacy coin

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
