Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Up to 90% of governmental websites include cookies of third-party trackers
- Microsoft to ban commercial open source from app store
- Japan makes ‘online insults’ punishable by one year in prison after TV star’s death
- Hacker group claims Elden Ring publisher is its latest victim
- Bandai Namco confirms hack after ALPHV ransomware data leak threat
- Ransomware gang now lets you search their stolen data
- CEO of dozens of companies and entities charged in scheme to taffic an estimated $1 billion in fraudulent and counterfeit Cisco networking equipment
- [AUDIO] Interview with Alexandre Dulaunoy about tools produced by CIRCL
- A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets
For the more technical
- Microsoft July 2022 Patch Tuesday
- From Follina to Rozena – Leveraging Discord to distribute a backdoor
- Unrar path traversal vulnerability affects Zimbra Mail
- Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
- Attacking Active Directory: 0 to 0.9
- Cache-based targeted deanonymization attacks
- Account hijacking using “dirty dancing” in sign-in OAuth-flows
- From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
- 8 million dollars stolen in a Uniswap phishing attack
- How bad actors can abuse block explorers to trick you
- Hello IPv6 scanning world
- Command injection vulnerabilities in Robustel cellular router
- Retbleed: Arbitrary speculative code execution with return instructions
- GhostTouch: Targeted attacks on touchscreens without physical touch (PDF)
- Hackers can unlock Honda cars remotely in Rolling-PWN attacks
- This is the code the FBI used to wiretap the world
- Text-based fraud: from 419 scams to vishing
- Callback malware campaigns impersonate CrowdStrike and other cybersecurity companies
- ABCsoup: The malicious adware extension with 350 variants
- OrBit: New undetected Linux threat uses unique hijack of execution flow
- Raspberry Robin worm abuses Windows Installer and QNAP devices
- Unpacking cloud-based cryptocurrency miners that abuse GitHub actions and Azure virtual machines
- Misinformation in malware analysis
- Hive ransomware gets upgrades in Rust
- BlackCat (aka ALPHV) ransomware is increasing stakes up to $2,5m in demands
- New ransomware groups on the rise
- Mantis – the most powerful botnet to date
- From industrial-scale scam centers, trafficking victims are being forced to steal billions
- Luna Moth: The actors behind the recent false subscription scams
- Why organizations should (and should not) worry about KillNet
- Targeted attack on government agencies
- North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.