IT Security Weekend Catch Up – July 10, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. How hackers extorted $1.14m from University of California, San Francisco
2. Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn
3. Citizen of Kazakhstan, known as “fxmsp,” charged with computer fraud
4. FSB’s Magnificent Seven: New links between Berlin and Istanbul assassinations
5. With India’s TikTok ban, the world’s digital walls grow higher
6. Anonymous hackers target TikTok: ‘Delete this Chinese spyware now’
7. China’s Great Firewall has finally come to Hong Kong’s internet
8. Hong Kong downloads of Signal surge as residents fear crackdown
9. WhatsApp stops processing police requests for Hong Kong users’ data amid protests
10. Facebook admits to improperly giving user data to third-party developers, again
11. Cybersecurity experts take aim at senators over encryption

For the more technical

1. Would you like some RCE with your Guacamole?
2. Citrix fixes 11 flaws in ADC, Gateway, and SD-WAN WANOP appliances
3. System hardening in Android 11
4. Android Security Bulletin—July 2020
5. Another macOS privacy protections bypass
6. How to unc0ver a 0-day in 4 hours or less
7. ZombieVPN, breaking that internet security
8. Microsoft releases emergency Windows 10 updates to resolve security flaws
9. Hijacking DLLs in Windows
10. Bring your own .NET Core Garbage Collector
11. Screwed drivers open ATMs to attack
12. F5 BIG-IP remote code execution exploit – CVE-2020-5902
13. CVE-2020-2021 PAN-OS: Authentication bypass in SAML authentication
14. A hacker gang is wiping Lenovo NAS devices and asking for ransoms
15. Remote code execution vulnerability in Zoom client for Windows (0day)
16. Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
17. Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
18. Domains visited get leaked to DDG servers
19. CanaryTrap: Detecting data misuse by third-party apps on online social networks (PDF)
20. They steal your Facebook
21. New Joker variant hits Google Play with an old trick
22. Pig in a poke: smartphone adware
23. New ransomware posing as COVID‑19 tracing app targets Canada
24. Business giant Xerox allegedly suffers Maze ransomware attack
25. Electric company ransomware attack calls for $14 million in ransom
26. EKANS ransomware targeting OT ICS systems
27. The Snake attacks holding the industrial sector ransom
28. New Mac ransomware spreading through piracy
29. OSX.EvilQuest uncovered
30. Mac ThiefQuest malware may not be ransomware after all
31. Breaking EvilQuest – Reversing a custom macOS ransomware file encryption routine
32. Mozilla suspends Firefox Send service while it addresses malware abuse
33. GoldenSpy: Chapter two – The uninstaller
34. Mobile APT surveillance campaigns targeting Uyghurs (PDF)
35. Microcin is here – With asynchronous sockets, steganography, GitLab ban and a sock
36. More evil: A deep look at Evilnum and its toolset
37. North Korean hackers are skimming US and European shoppers
38. “Keeper” Magecart group infects 570 sites
39. Cosmic Lynx: A russian threat hits the BEC scene
40. PROMETHIUM extends global reach with StrongPity3 APT
41. StrongPity APT – Revealing trojanized tools, working hours and infrastructure (PDF)
42. Microsoft takes legal action against COVID-19-related cybercrime
43. Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game
44. PWDB – New generation of Password Mass-Analysis
45. The 15 billion stolen credentials allowing account takeover (PDF)
46. Dark Web Price Index 2020
47. Redirect auction
48. Configuring IPsec Virtual Private Networks (PDF)
49. Google open-sources Tsunami vulnerability scanner + more information
50. Introducing project Freta
51. New Behave! extension warns of website port scans, local attacks
52. Apple declined to implement 16 Web APIs in Safari due to privacy concerns
53. Security cameras can tell burglars when you’re not home, study shows (PDF)
54. Unlocking BitLocker: Can you break that password?
55. Disrupting deepfakes: Adversarial attacks on conditional image translation networks

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.