IT Security Weekend Catch Up – July 5, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Commission sends preliminary findings to Meta over its “Pay or Consent” model for breach of the Digital Markets Act
  2. A Bugatti car, a first lady and the fake stories aimed at Americans
  3. Introducing Docs in Proton Drive – collaborative document editing that’s actually private
  4. OpenAI’s ChatGPT Mac app was storing conversations in plain text
  5. Twilio says hackers identified cell phone numbers of two-factor app Authy users
  6. Europol coordinates global action against criminal abuse of Cobalt Strike
  7. Man charged over creation of ‘evil twin’ free WiFi networks to access personal data
  8. Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
  9. LockBit claims cyberattack on Croatia’s largest hospital

For the more technical

  1. Android Security Bulletin – July 2024
  2. Pixel Update Bulletin – July 2024
  3. Polyfill.io supply chain attack – Digging into the web of compromised domains
  4. Vulnerabilities in CocoaPods open the door to supply chain attacks against thousands of iOS and MacOS applications
  5. regreSSHion: Remote unauthenticated code execution vulnerability in OpenSSH server
  6. RegreSSHion bug raises alarms but experts question chances of widespread exploitation
  7. Indirector: High-precision branch target injection attacks exploiting the Indirect Branch Predictor (PDF)
  8. Cisco NX-OS software CLI command injection vulnerability
  9. Perma-vuln: D-Link DIR-859, CVE-2024-0769
  10. Vulnerabilities in PanelView Plus devices could lead to remote code execution
  11. Juniper releases out-of-cycle fix for max severity auth bypass flaw
  12. GrimResource – Microsoft Management Console for initial access and evasion
  13. The rise of packet rate attacks: When core routers turn evil
  14. CapraTube remix: Transparent Tribe’s Android spyware targeting gamers, weapons enthusiasts
  15. Exposing FakeBat loader: distribution methods and adversary infrastructure
  16. Eldorado ransomware: The new golden empire of cybercrime?
  17. New ransomware operator Volcano Demon serving up LukaLocker
  18. Mekotio banking trojan threatens financial systems in Latin America
  19. Building Casper’s Shadow
  20. New InnoSetup malware created upon each download attempt
  21. How to detect the modular RAT Csharp-Streamer
  22. Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware
  23. Caught in the net: Using infostealer logs to unmask CSAM consumers

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *