IT Security Weekend Catch Up – November 12, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. British govt is scanning all Internet devices hosted in UK
  2. AstraZeneca password lapse exposed patient data
  3. Danish train standstill on Saturday caused by cyber attack
  4. LockBit ransomware claims attack on Continental automotive giant
  5. Man charged for participation in LockBit global ransomware campaign (PDF)
  6. ALMA Observatory shuts down operations due to a cyberattack
  7. How Qatar hacked the World Cup
  8. U.S. attorney announces historic $3.36 billion cryptocurrency seizure and conviction in connection with Silk Road dark web fraud
  9. Ukraine arrests fraud ring members who made €200 million per year
  10. Nigerian scammer sentenced to 11 years in US prison
  11. Z-Library eBook site domains seized by U.S. Dept of Justice
  12. Fake books about NFT
  13. LinkedIn introduces new security features to combat fake accounts
  14. Researchers spin up terrifying hacker drone that can ‘see through walls’ with Wifi

For the more technical

  1. Exploring ZIP mark-of-the-web bypass vulnerability (CVE-2022-41049)
  2. Microsoft November 2022 Patch Tuesday
  3. VMware Workspace ONE Assist update addresses multiple vulnerabilities
  4. ‘High-severity’ vulnerability found in computers used by large oil and gas utilities
  5. Lenovo fixes flaws that can be used to disable UEFI Secure Boot
  6. The case of Cloud9 Chrome botnet
  7. A very powerful clipboard: Analysis of a Samsung in-the-wild exploit chain
  8. Accidental $70k Google Pixel lock screen bypass
  9. Malware on the Google Play store leads to harmful phishing sites
  10. Apple may keep track of everything you tap while browsing the App Store
  11. PayPal allows bypassing two-factor auth with a button click  –  claims “It’s for your protection”
  12. Cyber criminal adoption of IPFS for phishing, malware campaigns
  13. Twitter Blue Badge email scams – Don’t fall for them!
  14. Massive ois[.]is black hat redirect malware campaign
  15. Massive phishing campaigns target India banks’ clients
  16. PNG steganography hides backdoor
  17. StrelaStealer aims for mail credentials
  18. Microsoft Digital Defense Report 2022 (PDF)
  19. DDoS attacks in Q3 2022 (Kaspersky)
  20. Q3 2022 DDoS attacks and BGP incidents (Qrator Labs)
  21. Hacktivists use of DDoS activity causes minor impacts (PDF)
  22. Robin Banks crooks back at the table with fresh phish from Russia
  23. DeimosC2: What SOC analysts and incident responders need to know about this C&C framework
  24. Defeating Guloader anti-analysis technique
  25. RomCom threat actor abuses KeePass and SolarWinds to target Ukraine and potentially the United Kingdom
  26. New updated IceXLoader claims thousands of victims around the world
  27. Following APT29 by taking a deeper look at Windows credential roaming
  28. Hack the real box: APT41’s new subgroup Earth Longzhi

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *