IT Security Weekend Catch Up – July 31, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. An informal review of CTF abuse
  2. Carbon, a new programming language from Google, aims to be C++ successor
  3. Bank of America hardware key implementation is basically crap
  4. Three charged in first ever cryptocurrency insider trading tipping scheme
  5. NSO Group sold spyware to 14 EU governments
  6. Russia is quietly ramping up its Internet censorship machine
  7. Hacker selling Twitter account data of 5.4 million users for $30k
  8. T-Mobile reaches historic $350 million settlement in 2021 data breach
  9. LockBit claims ransomware attack on Italian tax agency
  10. Breach exposes users of Microleaves proxy service
  11. Radioactivity monitoring and warning system hacked, disabled by attackers
  12. Arts organizations alarmed after WordFly ransomware attack

For the more technical

  1. Zyxel authentication bypass patch analysis (CVE-2022-0342)
  2. About Windows persistence mechanisms
  3. Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
  4. Attackers profiting from proxyware
  5. Malicious IIS extensions quietly open persistent backdoors into servers
  6. How threat actors are adapting to a post-macro world
  7. Attackers move quickly to exploit high-profile zero days
  8. Multiple vulnerabilities in Moxa NPort 5110
  9. FileWave patches two vulnerabilities that impacted more than 1,000 orgs
  10. DUCKTAIL: An infostealer malware targeting Facebook Business accounts (PDF)
  11. How cybercriminals are using messaging apps to launch malware schemes
  12. Major security vulnerability on PrestaShop websites
  13. Luca Stealer source code leaked on a cybercrime forum
  14. Examining new DawDropper banking dropper and DaaS on the dark web
  15. QBot phishing uses Windows Calculator DLL hijacking to infect devices
  16. LofyLife: malicious npm packages steal Discord tokens and bank card data
  17. Robin Banks might be robbing your bank
  18. Amid rising Magecart attacks on online ordering platforms, recent campaigns infect 311 restaurants
  19. Lightning Framework: New undetected “Swiss army knife” Linux malware
  20. LockBit ransomware group augments its latest variant, LockBit 3.0, with BlackMatter capabilities
  21. Attackers target Ukraine using GoMet backdoor
  22. APT trends report Q2 2022
  23. An analysis of Charming Kitten’s new tools and OPSEC errors
  24. STIFF#BIZON: New attack campaign observed possibly linked to Konni/APT37 (North Korea)
  25. Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
  26. Largest European DDoS attack on record

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *