IT Security Weekend Catch Up – July 10, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. How hackers extorted $1.14m from University of California, San Francisco
  2. Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn
  3. Citizen of Kazakhstan, known as “fxmsp,” charged with computer fraud
  4. FSB’s Magnificent Seven: New links between Berlin and Istanbul assassinations
  5. With India’s TikTok ban, the world’s digital walls grow higher
  6. Anonymous hackers target TikTok: ‘Delete this Chinese spyware now’
  7. China’s Great Firewall has finally come to Hong Kong’s internet
  8. Hong Kong downloads of Signal surge as residents fear crackdown
  9. WhatsApp stops processing police requests for Hong Kong users’ data amid protests
  10. Facebook admits to improperly giving user data to third-party developers, again
  11. Cybersecurity experts take aim at senators over encryption

For the more technical

  1. Would you like some RCE with your Guacamole?
  2. Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances
  3. System hardening in Android 11
  4. Android Security Bulletin—July 2020
  5. Another macOS privacy protections bypass
  6. How to unc0ver a 0-day in 4 hours or less
  7. ZombieVPN, breaking that internet security
  8. Microsoft releases emergency Windows 10 updates to resolve security flaws
  9. Hijacking DLLs in Windows
  10. Bring your own .NET Core Garbage Collector
  11. Screwed drivers open ATMs to attack
  12. F5 BIG-IP remote code execution exploit – CVE-2020-5902
  13. CVE-2020-2021 PAN-OS: Authentication bypass in SAML authentication
  14. A hacker gang is wiping Lenovo NAS devices and asking for ransoms
  15. Remote code execution vulnerability in Zoom client for Windows (0day)
  16. Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
  17. Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
  18. Domains visited get leaked to DDG servers
  19. CanaryTrap: Detecting data misuse by third-party apps on online social networks (PDF)
  20. They steal your Facebook
  21. New Joker variant hits Google Play with an old trick
  22. Pig in a poke: smartphone adware
  23. New ransomware posing as COVID‑19 tracing app targets Canada
  24. Business giant Xerox allegedly suffers Maze ransomware attack
  25. Electric company ransomware attack calls for $14 million in ransom
  26. EKANS ransomware targeting OT ICS systems
  27. The Snake attacks holding the industrial sector ransom
  28. New Mac ransomware spreading through piracy
  29. OSX.EvilQuest uncovered
  30. Mac ThiefQuest malware may not be ransomware after all
  31. Breaking EvilQuest – Reversing a custom macOS ransomware file encryption routine
  32. Mozilla suspends Firefox Send service while it addresses malware abuse
  33. GoldenSpy: Chapter two – The uninstaller
  34. Mobile APT surveillance campaigns targeting Uyghurs (PDF)
  35. Microcin is here – With asynchronous sockets, steganography, GitLab ban and a sock
  36. More evil: A deep look at Evilnum and its toolset
  37. North Korean hackers are skimming US and European shoppers
  38. “Keeper” Magecart group infects 570 sites
  39. Cosmic Lynx: A russian threat hits the BEC scene
  40. PROMETHIUM extends global reach with StrongPity3 APT
  41. StrongPity APT – Revealing trojanized tools, working hours and infrastructure (PDF)
  42. Microsoft takes legal action against COVID-19-related cybercrime
  43. Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game
  44. PWDB – New generation of Password Mass-Analysis
  45. The 15 billion stolen credentials allowing account takeover (PDF)
  46. Dark Web Price Index 2020
  47. Redirect auction
  48. Configuring IPsec Virtual Private Networks (PDF)
  49. Google open-sources Tsunami vulnerability scanner + more information
  50. Introducing project Freta
  51. New Behave! extension warns of website port scans, local attacks
  52. Apple declined to implement 16 Web APIs in Safari due to privacy concerns
  53. Security cameras can tell burglars when you’re not home, study shows (PDF)
  54. Unlocking BitLocker: Can you break that password?
  55. Disrupting deepfakes: Adversarial attacks on conditional image translation networks

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *