Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Apple, Google, and Microsoft want to kill the password with “Passkey” standard użytkowników
- Google Ads Safety Report 2021 (PDF)
- Grindr user data was sold through ad networks
- U.S. DoD tricked into paying $23.5 million to phishing actor
- FBI Internet Crime Report 2021 (PDF)
For the more technical
- Mobile subscription trojans and their little tricks
- Android monthly updates are out – critical bugs found in critical places
- Unpatched DNS bug in popular C standard library putting IoT at risk
- TLStorm 2 – NanoSSL TLS library misuse leads to vulnerabilities in common switches
- Vulnerabilities in Avast and AVG put millions at risk
- Introducing Package Analysis: Scanning open source packages for malicious behavior
- [VIDEO] Solving all Web CTF tasks from NahamCon
- Google SMTP relay service abused for sending phishing emails
- Raspberry Robin gets the worm early
- A new secret stash for “fileless” malware
- Emotet tests new delivery techniques
- Ransomware: April 2022 review
- AvosLocker ransomware variant abuses driver file to disable anti-virus, scans for Log4shell
- Conti, REvil, LockBit ransomware bugs exploited to block encryption
- The hermit kingdom’s ransomware play
- Trello from the other side: Tracking APT29 phishing campaigns
- UNC3524: Eye spy on your email
- The Lotus Panda is awake, again. Analysis of its last strike
- Moshen Dragon’s triad-and-error approach: Abusing security software to sideload PlugX and ShadowPad
- Operation CuckooBees: Cybereason uncovers massive Chinese intellectual property theft operation
- Update on cyber activity in Eastern Europe
- Compromised Docker honeypots used for pro-Ukrainian DoS attack
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.