IT Security Weekend Catch Up – July 9, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. HackerOne employee stole data from bug bounty reports for financial gain
  2. Hackers claim theft of police info in China’s largest data leak
  3. Marriott hacked again? Yes. Here’s what we know
  4. Google allowed a sanctioned Russian ad company to harvest user data for months
  5. More and more, artificial intelligence is keeping the world under watch
  6. Algorithm claims to predict crime in US cities before it happens
  7. Apple expands industry-leading commitment to protect users from highly targeted mercenary spyware
  8. Microsoft rolls back decision to block Office macros by default

For the more technical

  1. Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug
  2. 2022 0-day In-the-Wild Exploitation…so far
  3. Security advisory accidentally exposes vulnerable systems
  4. Attack on Titan M: Vulnerability research on a modern security chip
  5. Ledger HW.1 & Nano security keycard bypass + more information
  6. Django fixes SQL Injection vulnerability in new releases
  7. CVE-2022-28219: Unauthenticated XXE to RCE and domain compromise in ManageEngine ADAudit Plus
  8. Dynamic analysis of firmware components in IoT devices
  9. Police can trace cameras thanks to sensor imperfection ‘fingerprints’
  10. “CuteBoi” detected preparing a large-scale crypto mining campaign on NPM users
  11. IconBurst NPM software supply chain attack grabs data from apps and websites
  12. Fake copyright complaints push IcedID malware using Yandex Forms
  13. Unprecedented shift: The Trickbot group is systematically attacking Ukraine
  14. Threat report: Maui ransomware (PDF)
  15. North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector
  16. New RedAlert ransomware targets Windows, Linux VMware ESXi servers
  17. AstraLocker ransomware shuts down and releases decryptors
  18. Brand-new HavanaCrypt ransomware poses as Google software update app, uses Microsoft hosting service IP address as C&C server
  19. When pentest tools go brutal: Red-teaming tool being abused by malicious actors
  20. Microsoft finds Raspberry Robin worm in hundreds of Windows networks
  21. PennyWise stealer: An evasive infostealer leveraging YouTube to infect users
  22. Russian organizations increasingly under attack by Chinese APTs

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *