IT Security Weekend Catch Up – July 13, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! Newsletter 07/2024 – Text messaging attacks: A smishing saga
  2. Digital Markets Act, Google, Chrome extensions – case study
  3. Prominent misinformation interventions reduce misperceptions but increase scepticism
  4. Data breach exposes millions of mSpy spyware customers
  5. AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach
  6. Researchers claim nearly 10 billion credentials under threat — here’s what we know so far
  7. The stark truth behind the resurgence of Russia’s Fin7
  8. Russia forces Apple to remove dozens of VPN apps from App Store
  9. The Kremlin is rewriting Wikipedia

For the more technical

  1. [VIDEO] Solving Hackceler8 Teaser Task 2 by Gynvael Coldwind
  2. Introducing a new vulnerability class: False File Immutability
  3. Resurrecting Internet Explorer: Threat actors using zero-day tricks in Internet shortcut file to lure victims (CVE-2024-38112)
  4. Microsoft Patch Tuesday July 2024
  5. Signal downplays encryption key flaw, fixes it after X drama
  6. RADIUS/UDP vulnerable to improved MD5 collision attack
  7. Security flaws found in connected Traeger grill
  8. Netgear warns users to patch auth bypass, XSS router flaws
  9. CVE-2024-4577 exploits in the wild one day after disclosure
  10. CVE-2024-29510 – Exploiting Ghostscript using format strings
  11. GitLab patches critical flaw allowing unauthorized pipeline jobs
  12. Vulnerability in Exim MTA could allow malicious email attachments past filters [CVE-2024-39929]
  13. Exploring compiled V8 JavaScript usage in malware
  14. Hackers target WordPress calendar plugin used by 150,000 sites
  15. Distribution of AsyncRAT disguised as ebook
  16. Decrypted: DoNex ransomware and its predecessors
  17. Turning Jenkins into a cryptomining machine from an attacker’s perspective
  18. The mechanics of ViperSoftX: Exploiting AutoIt and CLR for stealthy PowerShell execution
  19. Turla: A master’s art of evasion
  20. CrystalRay: Inside the operations of a rising threat actor exploiting OSS tools
  21. 50 shades of bulletproof hosting – BPH landscape on russian-language cybercrime forums
  22. Huione Guarantee: The multi-billion dollar marketplace used by online scammers
  23. US disrupts AI-powered bot farm pushing Russian propaganda on X
  24. Houthi surveillanceware targeting Middle Eastern militaries
  25. APT40 advisory
  26. CloudSorcerer – A new APT targeting Russian government entities
  27. Attack activities by Kimsuky targeting Japanese organizations
  28. An in-depth look at crypto-crime in 2023, part 1 & part 2
  29. Ticket Heist: Olympic games and sporting events at risk

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *