Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- FT editor among 180 journalists identified by clients of spyware firm
- Viktor Orbán using NSO spyware in assault on media, data suggests
- Response from NSO and governments
- Group-IB helps Dutch police identify members of phishing developer gang Fraud Family
- Man arrested in connection with alleged role in Twitter hack
- Ransomware gang breached CNA’s network via fake browser update
- Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy
- Kaseya has obtained universal decryptor key
- Introducing Email Protection: The easy way to block email trackers and hide your address
For the more technical
- 2021 CWE Top 25 Most Dangerous Software Weaknesses
- Sequoia: A local privilege escalation vulnerability in Linux’s filesystem layer (CVE-2021-33909)
- An zero day exploit for HiveNightmare aka SeriousSam (CVE-2021–36934)
- Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files
- CVE-2021-3438: 16 years in hiding – millions of printers worldwide vulnerable
- Top-down and bottom-up: Exploiting vulnerabilities in the OT cloud era
- Oracle Critical Patch Update Advisory – July 2021
- A story about an Apple and two fetches
- Meet WiFiDemon – iOS WiFi RCE 0-day vulnerability, and a zero-click vulnerability that was silently patched
- Top prevalent malware with a thousand campaigns migrates to macOS
- Updated XCSSET malware targets Telegram, other apps
- Groundhog day: NPM package caught stealing browser passwords
- Debugging MosaicLoader, one step at a time (PDF)
- HelloKitty ransomware is targeting vulnerable SonicWall devices
- Saudi Aramco data breach sees 1 TB stolen data for sale
- Chinese gas pipeline intrusion campaign, 2011 to 2013
- Joker joking in Google Play
- StrongPity APT group deploys Android malware for the first time
- Forensic methodology report: How to catch NSO Group’s Pegasus + Mobile Verification Toolkit
- A large intrusion campaign impacting numerous French entities
- White House formally blames China’s Ministry of State Security for Microsoft Exchange hack
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.