IT Security Weekend Catch Up – July 21, 2023

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. WormGPT – The generative AI tool cybercriminals are using to launch business email compromise attacks
  2. Google exposes intelligence and defense employee names in VirusTotal leak
  3. Social engineering campaign targets technology industry employees
  4. Estée Lauder beauty giant breached by two ransomware gangs
  5. Fake passports, real bank accounts: How TheTruthSpy stalkerware made its millions
  6. How a Nintendo Switch helped locate a missing girl 2,000 miles from home
  7. Kevin Mitnick, hacker and fugitive turned security consultant, dies at 59

For the more technical

  1. The quarterly Oracle security updates are out
  2. New critical Citrix ADC and Gateway flaw exploited as zero-day
  3. Active exploitation of multiple Adobe ColdFusion vulnerabilities
  4. Attackers could have shut down your WhatsApp account with one simple email
  5. Unpacking the MOVEit breach: Statistics and analysis
  6. CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
  7. Patch diffing CVE-2023-28121 to compromise a WooCommerce
  8. [VIDEO] How to operate patch management when you have more than 3000 servers
  9. Critical AMI MegaRAC bugs can let hackers brick vulnerable servers
  10. Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
  11. Analysis of Storm-0558 techniques for unauthorized email access
  12. Secrets revealed in container images: An Internet-wide study on occurrence and impact (PDF)
  13. Bad.Build: A critical privilege escalation design flaw in Google Cloud Build enables a supply chain attack
  14. An uptick in Mallox ransomware activities exploiting MS-SQL servers
  15. BYOS – bundle your own stealer
  16. Analyzing a New .NET variant of LaplasClipper: retrieving the config
  17. P2PInfect: The rusty peer-to-peer self-replicating worm
  18. HotRat: The risks of illegal software downloads and hidden AutoHotkey script within
  19. FakeSG enters the ‘FakeUpdates’ arena to deliver NetSupport RAT
  20. Cybercriminals evolve antidetect tooling for mobile OS-based fraud
  21. Lookout attributes advanced Android surveillanceware to Chinese espionage group APT41
  22. Chinese cyber espionage actors continue to evolve tactics to avoid detection
  23. FIN8 uses revamped Sardonic backdoor to deliver Noberus ransomware
  24. New invitation from APT29 to use CCleaner
  25. KillNet showcases new capabilities while repeating older tactics

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
