IT Security Weekend Catch Up – July 27, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Google’s plan to turn off third-party cookies in Chrome is dying
  2. Forget security – Google’s reCAPTCHA v2 is exploiting users for profit
  3. Microsoft starts campaign to make Windows security more like Mac post-CrowdStrike
  4. Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware
  5. BreachForums v1 database leak is an OPSEC test for hackers
  6. Security firm discovers remote worker is really a North Korean hacker
  7. Reward offer for information on North Korean malicious cyber actor targeting U.S. critical infrastructure
  8. Spanish police arrest three suspects linked to pro-Moscow NoName057(16) hackers
  9. NCA infiltrates world’s most prolific DDoS-for-hire service

For the more technical

  1. Oracle Critical Patch Update Advisory – July 2024
  2. [VIDEO] Finding criticals in mobile apps – Joel Margolis (0xteknogeek)
  3. Exploiting CVE-2024-21412: A stealer campaign unleashed
  4. PKfail: Untrusted platform keys undermine Secure Boot on UEFI ecosystem
  5. Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
  6. CVE-2024-4879 and CVE-2024-5217 (ServiceNow RCE) exploitation in a global reconnaissance campaign
  7. Docker fixes critical 5-year old authentication bypass flaw
  8. Thread Name-Calling – using Thread Name for offense
  9. Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
  10. Stargazers Ghost Network
  11. Protect against the FrostyGoop ICS malware threat with OT cybersecurity basics
  12. SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining
  13. Double dipping cheat developer gets caught red-handed
  14. The tap-estry of threats targeting Hamster Kombat players
  15. Mid-year Doppelgänger information operations in Europe and the US
  16. Possible APT28-linked hackers target Ukraine’s scientific institutions
  17. Onyx Sleet uses array of malware to gather intelligence for North Korea
  18. Daggerfly: Espionage group makes major update to toolset
  19. Phishing campaign targeting mobile users in India using India Post lures

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *