IT Security Weekend Catch Up – January 30, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Tor Project appeals Russian court’s decision to block access to Tor
  2. Let’s Encrypt is revoking lots of SSL certificates in two days
  3. Google kills FLoC & will stick with cookies because of privacy complaints
  4. Apple’s AirTag uncovers a secret German intelligence agency
  5. Finland says it found NSO’s Pegasus spyware on diplomats’ phones
  6. Searching for Susy Thunder
  7. DeepDotWeb administrator sentenced for money laundering scheme
  8. Conti ransomware hits Apple, Tesla supplier
  9. Hacktivist group shares details related to Belarusian Railways hack

For the more technical

  1. Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
  2. Hacking the Apple Webcam (again)
  3. Apple: Personal Safety User Guide (PDF)
  4. A bug lurking for 12 years gives attackers root on most major Linux distros
  5. PwnKit: Local privilege escalation vulnerability discovered in polkit’s pkexec (CVE-2021-4034)
  6. Backdoor found in themes and plugins from AccessPress Themes
  7. Dark Souls servers taken down to prevent hacks using critical bug
  8. How I hacked my friend’s PayPal account
  9. How I got access to 25+ Tesla’s around the world
  10. Azure DDoS protection—2021 Q3 and Q4 DDoS attack trends
  11. QNAP force-installs update after DeadBolt ransomware hits 3,600 devices
  12. Analysis and impact of LockBit ransomware’s first Linux and VMware ESXi variant
  13. Watering hole deploys new macOS malware, DazzleSpy, in Asia
  14. Chasing Chaes kill chain
  15. TrickBot bolsters layered defenses to prevent injection research
  16. How BRATA is monitoring your bank account
  17. New FluBot and TeaBot campaigns target Android devices worldwide
  18. Malicious app on Google Play drops banking malware on users’ devices
  19. Financially motivated mobile scamware exceeds 100M installations
  20. Observations from the StellarParticle campaign
  21. North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
  22. Investigating APT36 or Earth Karkaddan’s attack chain and malware arsenal

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *