IT Security Weekend Catch Up – March 7, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. SolarWinds officials throw intern under the bus for ‘solarwinds123’ password fail
  2. Malaysia Airlines discloses a breach spanning 9 years of data
  3. Airlines warn of data breaches after SITA passenger system hack
  4. Three top Russian cybercrime forums hacked
  5. Google: Charting a course towards a more privacy-first web

For the more technical

  1. Operation Exchange marauder: Active exploitation of multiple zero-day Microsoft Exchange vulnerabilities
  2. Detection and response to exploitation of Microsoft Exchange zero-day vulnerabilities
  3. HAFNIUM targeting Exchange Servers with 0-day exploits
  4. At least 30,000 U.S. organizations newly hacked via holes in Microsoft’s email software
  5. ProxyLogon: The latest pre-authenticated Remote Code Execution vulnerability on Microsoft Exchange Server
  6. Microsoft fixes Windows 10 drive corruption bug — what you need to know
  7. How I might have hacked any Microsoft account
  8. Hijacking traffic to Microsoft’s windows.com with bitflipping + more information
  9. Working Windows and Linux Spectre exploits found on VirusTotal + more information
  10. Hunting for bugs in Windows mini-filter drivers
  11. Microsoft DirectWrite heap-based buffer overflow
  12. Anatomy of an exploit: RCE with CVE-2020-1350 SIGRed
  13. Google patches actively exploited Chrome browser zero-day vulnerability + more information
  14. Unsecured cloud configurations exposing information in thousands of mobile apps
  15. coding mistake prior to Gab hack came from site’s CTO
  16. Cybersecurity firm Qualys is the latest victim of Accellion hacks + more information
  17. Elite cybercrime rorum “Maza” breached by unknown attacker
  18. 21 million free VPN users’ data exposed
  19. Are Xiaomi browsers spyware? Yes, they are…
  20. Supermicro’s response to Trickboot vulnerability, March 2021
  21. GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
  22. New SUNSHUTTLE second-stage backdoor uncovered targeting U.S.-based entity; possible connection to UNC2452
  23. FluBot: Malware analysis report (PDF)
  24. Centreon to Exim and back: On the trail of Sandworm
  25. How I hacked a nuclear power plant
  26. BlackBerry 2021 Threat Report (PDF)
  27. Windows Killed Process Canary
  28. Google Analytics: Stop feeding the beast

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *