IT Security Weekend Catch Up – November 14, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. MLAT order from Luxembourg for Signal user data
  2. Reward offers for information to bring DarkSide ransomware variant co-conspirators to justice
  3. Russian cybercriminal sentenced to 10 years in prison for digital advertising fraud scheme
  4. Ukrainian arrested and charged with ransomware attack on Kaseya
  5. Five affiliates to Sodinokibi/REvil unplugged
  6. MediaMarkt hit by Hive ransomware, initial $240 million ransom
  7. Cyber attack at MediaMarkt: hackers demand 50 million dollars
  8. A cyber mercenary is hacking the Google and Telegram accounts of presidential candidates, journalists and doctors
  9. Turkey: Hackers allegedly used streaming platform Twitch to launder $10m
  10. Robinhood hackers accessed internal tool for removing account security features, screenshots show
  11. Booking.com was reportedly hacked by a US intel agency but never told customers

For the more technical

  1. Microsoft November 2021 Patch Tuesday
  2. Windows 10 privilege-escalation zero-day gets an unofficial fix
  3. Zero-day disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064
  4. Trojan Source: Invisible vulnerabilities
  5. The invisible JavaScript backdoor
  6. Firefox vs Chromium
  7. BrakTooth proof of concept
  8. New critical vulnerabilities found on Nucleus TCP/IP stack
  9. Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog
  10. Analyzing a watering hole campaign using macOS exploits
  11. OSX.CDDS – a sophisticated watering hole campaign drops a new macOS implant
  12. Critical security vulnerability fixed in WP Reset PRO
  13. FBI system hacked to email ‘urgent’ warning about fake cyberattacks
  14. Streaming wars continue — what about cyberthreats?
  15. Phishing with Google’s domain
  16. Spoofing calendar invites using .ics files
  17. Webinject panel administration: A vantage point into multiple threat actor campaigns
  18. BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
  19. A new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
  20. DDoS attacks in Q3 2021
  21. TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
  22. The far-reaching attacks of the Void Balaur cybermercenary group (PDF)
  23. New Android malware targets Netflix, Instagram, and Twitter users
  24. PhoneSpy: The app-based cyberattack snooping South Korean citizens

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *