IT Security Weekend Catch Up – June 10, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Italian city of Palermo shuts down all systems to fend off cyberattack
  2. Mandiant: “No evidence” we were hacked by LockBit ransomware
  3. Shields Health Care Group data breach affects 2 million patients
  4. SSNDOB shutdown: DOJ announces closure of darknet market selling social security numbers and other personally identifiable information
  5. AlphaBay is taking over the dark web – again
  6. How crypto giant Binance became a hub for hackers, fraudsters and drug traffickers
  7. Smartphones blur the line between civilian and combatant

For the more technical

  1. CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
  2. Free micropatches for “Follina” Microsoft Diagnostic Tool remote code execution 0day (CVE-2022-30190)
  3. Microsoft Diagnostic Tool “DogWalk” package path traversal gets free micropatches (0day/WontFix)
  4. Multiple vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
  5. Horde Webmail – remote code execution via email
  6. Router security in 2021
  7. Hackers can steal your Tesla by creating their own personal keys
  8. More mysterious DNS root query traffic from a large cloud/DNS operator
  9. Introduction to VirtualBox security research
  10. Android security bulletin – June 2022
  11. Top 10 Android banking trojans target apps with 1 billion downloads
  12. Symbiote: A new, nearly-impossible-to-detect Linux threat
  13. SVCReady: A new loader gets ready
  14. Analysis of the massive NDSW/NDSX malware campaign
  15. Cuba ransomware group’s new variant found using optimized infection techniques
  16. Bizarre ransomware sells decryptor on Roblox Game Pass store
  17. KELA’s ransomware victims and network access sales report (PDF)
  18. New Emotet variant stealing users’ credit card information from Google Chrome
  19. Qbot malware now uses Windows MSDT zero-day in phishing attacks
  20. Shining the light on Black Basta
  21. Black Basta ransomware goes cross-platform, now targets ESXi systems
  22. Phishing tactics: how a threat actor stole 1M credentials in 4 months
  23. Crypto stealing campaign spread via fake cracked software
  24. MakeMoney malvertising campaign adds fake update template
  25. US agencies detail the digital ‘plumbing’ used by Chinese state-sponsored hackers
  26. Aoqin Dragon. Newly-discovered Chinese-linked APT has been quietly spying on organizations for 10 years
  27. Growling bears make thunderous noise
  28. Lyceum .NET DNS backdoor

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *