IT Security Weekend Catch Up – July 15, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Up to 90% of governmental websites include cookies of third-party trackers
  2. Microsoft to ban commercial open source from app store
  3. Japan makes ‘online insults’ punishable by one year in prison after TV star’s death
  4. Hacker group claims Elden Ring publisher is its latest victim
  5. Bandai Namco confirms hack after ALPHV ransomware data leak threat
  6. Ransomware gang now lets you search their stolen data
  7. CEO of dozens of companies and entities charged in scheme to traffic an estimated $1 billion in fraudulent and counterfeit Cisco networking equipment
  8. [AUDIO] Interview with Alexandre Dulaunoy about tools produced by CIRCL
  9. A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets

For the more technical

  1. Microsoft July 2022 Patch Tuesday
  2. From Follina to Rozena – Leveraging Discord to distribute a backdoor
  3. Unrar path traversal vulnerability affects Zimbra Mail
  4. Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
  5. Attacking Active Directory: 0 to 0.9
  6. Cache-based targeted deanonymization attacks
  7. Account hijacking using “dirty dancing” in sign-in OAuth-flows
  8. From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
  9. 8 million dollars stolen in a Uniswap phishing attack
  10. How bad actors can abuse block explorers to trick you
  11. Hello IPv6 scanning world
  12. Command injection vulnerabilities in Robustel cellular router
  13. Retbleed: Arbitrary speculative code execution with return instructions
  14. GhostTouch: Targeted attacks on touchscreens without physical touch (PDF)
  15. Hackers can unlock Honda cars remotely in Rolling-PWN attacks
  16. This is the code the FBI used to wiretap the world
  17. Text-based fraud: from 419 scams to vishing
  18. Callback malware campaigns impersonate CrowdStrike and other cybersecurity companies
  19. ABCsoup: The malicious adware extension with 350 variants
  20. OrBit: New undetected Linux threat uses unique hijack of execution flow
  21. Raspberry Robin worm abuses Windows Installer and QNAP devices
  22. Unpacking cloud-based cryptocurrency miners that abuse GitHub actions and Azure virtual machines
  23. Misinformation in malware analysis
  24. Hive ransomware gets upgrades in Rust
  25. BlackCat (aka ALPHV) ransomware is increasing stakes up to $2,5m in demands
  26. New ransomware groups on the rise
  27. Mantis – the most powerful botnet to date
  28. From industrial-scale scam centers, trafficking victims are being forced to steal billions
  29. Luna Moth: The actors behind the recent false subscription scams
  30. Why organizations should (and should not) worry about KillNet
  31. Targeted attack on government agencies
  32. North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
