IT Security Weekend Catch Up – May 28, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. This new tool lets you analyse TikTok hashtags
  2. CSAM Scanning: EU Commission’s lies uncovered – Surveillance will not save the children
  3. Children’s rights violations by governments that endorsed online learning during the Covid-19 pandemic
  4. DuckDuckGo browser allows Microsoft trackers due to search agreement
  5. A face search engine anyone can use is alarmingly accurate
  6. Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says
  7. Russian hackers are linked to new Brexit leak website, Google says
  8. Hackers took control of famous NFT artist Beeple’s Twitter account
  9. Elon Musk deep fakes promote new BitVex cryptocurrency scam
  10. US car giant General Motors hit by cyber-attack exposing car owners’ personal info
  11. Hacker steals database of hundreds of Verizon employees
  12. Over 8 GB database exposing millions of hotel guests dumped (for free) on Telegram
  13. Ransomware attack exposes data of 500,000 Chicago students
  14. SpiceJet airline passengers stranded after ransomware attack
  15. Darknet market Versus shuts down after hacker leaks security flaw
  16. Suspected head of cybercrime gang arrested in Nigeria

For the more technical

  1. Popular Python and PHP libraries hijacked to steal AWS keys
  2. Hacker says hijacking libraries, stealing AWS keys was ethical research
  3. ISaPWN – research on the security of ISaGRAF Runtime
  4. PS4 Aux Hax 5: Flawed instructions get optimized
  5. Pre-hijacking attacks on web user accounts (PDF)
  6. Zyxel security advisory for multiple vulnerabilities of firewalls, AP controllers, and APs
  7. VMware authentication bypass vulnerability (CVE-2022-22972) technical deep dive
  8. Cisco Adaptive Security Appliance software Clientless SSL VPN heap overflow vulnerability
  9. Quanta servers (still) vulnerable to pantsdown
  10. Fake Windows exploits target infosec community with Cobalt Strike
  11. Photos of abused victims used in new ID verification scam
  12. Zoom: Remote code execution with XMPP Stanza Smuggling
  13. Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
  14. What’s wrong with automotive mobile apps?
  15. Android apps with millions of downloads exposed to high-severity vulnerabilities
  16. PDF malware is not yet dead
  17. ChromeLoader: a pushy malvertiser
  18. GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need
  19. Yashma ransomware, tracing the Chaos family tree
  20. New Nokoyawa variant catching up to peers with Blatant code reuse
  21. New Linux-based ransomware Cheerscrypt targets ESXi devices
  22. REvil resurgence? Or a copycat?
  23. IT threat evolution in Q1 2022. Mobile & non-mobile statistics
  24. Beneath the surface: Uncovering the shift in web skimming
  25. Sandworm uses a new version of ArguePatch to attack targets in Ukraine
  26. Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes
  27. Unknown APT group has targeted Russia repeatedly since Ukraine invasion
  28. Hunting a global telecommunications threat: DecisiveArchitect and Its custom implant JustForFun
  29. Threat group naming schemes in cyber threat intelligence
  30. Fronton: A botnet for creation, command, and control of coordinated inauthentic behavior

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *