IT Security Weekend Catch Up – May 25, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Zoom launches post-quantum encryption to secure user data
  2. New Windows AI feature records everything you’ve done on your PC
  3. When online content disappears
  4. Cencora data breach exposes US patient info from 8 drug companies
  5. Eventbrite promoted illegal opioid sales to people searching for addiction recovery help
  6. Owner of Incognito dark web drugs market arrested in New York
  7. UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments
  8. Two Santa Cruz students uncover security bug that let anyone do their laundry for free

For the more technical

  1. QNAP QTS – QNAPping at the wheel (CVE-2024-27130 and friends)
  2. D-Link DIR-X4860 security vulnerabilities – technical analysis
  3. Rockwell Automation warns admins to take ICS devices offline
  4. New ‘Siren’ mailing list aims to share threat intelligence for open source projects
  5. Linguistic Lumberjack: Attacking cloud services via logging endpoints (Fluent Bit – CVE-2024-4323)
  6. CVE-2024-4978: Backdoored Justice AV Solutions Viewer software used in apparent supply chain attack
  7. Supply-chain attacks in LLMs: From GGUF model format metadata RCE, to state-of-the-art NLP project RCEs
  8. Reverse engineering Electron apps to discover APIs
  9. Surveilling the masses with Wi-Fi-based positioning systems
  10. DNSBomb pulsing DoS attack
  11. Stealers, stealers and more stealers
  12. Spring cleaning with Latrodectus: A potential replacement for IcedID
  13. Grandoreiro banking trojan unleashed
  14. Corporate users targeted via malicious ads and modals
  15. Ongoing malvertising campaign leads to ransomware
  16. ShrinkLocker: Turning BitLocker into ransomware
  17. Invisible miners: unveiling GhostEngine’s crypto mining operations
  18. Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign
  19. Void Manticore destructive activities in Israel
  20. Transparent Tribe targets Indian government, defense, and aerospace sectors leveraging cross-platform programming languages
  21. Operation Diplomatic Specter: An active Chinese cyberespionage campaign leverages rare tool set to target governmental entities in the Middle East, Africa and Asia

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *