IT Security Weekend Catch Up – July 24, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. FT editor among 180 journalists identified by clients of spyware firm
  2. Viktor Orbán using NSO spyware in assault on media, data suggests
  3. Response from NSO and governments
  4. Group-IB helps Dutch police identify members of phishing developer gang Fraud Family
  5. Man arrested in connection with alleged role in Twitter hack
  6. Ransomware gang breached CNA’s network via fake browser update
  7. Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy
  8. Kaseya has obtained universal decryptor key
  9. Introducing Email Protection: The easy way to block email trackers and hide your address

For the more technical

  1. 2021 CWE Top 25 Most Dangerous Software Weaknesses
  2. Sequoia: A local privilege escalation vulnerability in Linux’s filesystem layer (CVE-2021-33909)
  3. A zero-day exploit for HiveNightmare aka SeriousSam (CVE-2021-36934)
  4. Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files
  5. CVE-2021-3438: 16 years in hiding – millions of printers worldwide vulnerable
  6. Top-down and bottom-up: Exploiting vulnerabilities in the OT cloud era
  7. Oracle Critical Patch Update Advisory – July 2021
  8. A story about an Apple and two fetches
  9. Meet WiFiDemon – iOS WiFi RCE 0-day vulnerability, and a zero-click vulnerability that was silently patched
  10. Top prevalent malware with a thousand campaigns migrates to macOS
  11. Updated XCSSET malware targets Telegram, other apps
  12. Groundhog day: NPM package caught stealing browser passwords
  13. Debugging MosaicLoader, one step at a time (PDF)
  14. HelloKitty ransomware is targeting vulnerable SonicWall devices
  15. Saudi Aramco data breach sees 1 TB stolen data for sale
  16. Chinese gas pipeline intrusion campaign, 2011 to 2013
  17. Joker joking in Google Play
  18. StrongPity APT group deploys Android malware for the first time
  19. Forensic methodology report: How to catch NSO Group’s Pegasus + Mobile Verification Toolkit
  20. A large intrusion campaign impacting numerous French entities
  21. White House formally blames China’s Ministry of State Security for Microsoft Exchange hack

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.