IT Security Weekend Catch Up – November 15, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. Campaign “Reclaim your face” calls for a ban on biometric mass surveillance
2. Surveillance disclosures show urgent need for reforms to EU aid programmes
3. Zoom lied to users about end-to-end encryption for years, FTC says
4. Windows 10, iOS, Chrome, and many others fall at China’s top hacking contest
5. Pwn2Own Tokyo results [1] [2] [3]
6. Compal, the second-largest laptop manufacturer in the world, hit by ransomware
7. Steelcase furniture giant down for 2 weeks after ransomware attack
8. Hotel reservation platform leaves millions of people exposed in massive data breach
9. Animal Jam kids’ virtual world hit by data breach, impacts 46M accounts
10. Customer data from encrypted phone company Ciphr has been dumped online
11. CIA controlled global encryption company for decades, says report
12. Former Microsoft software engineer sentenced to nine years in prison for stealing more than $10 million in digital value such as gift cards
13. How the Pentagon is trolling Russian, Chinese hackers with cartoons
14. GCHQ spies launch cyber counter-attack against anti-vaccine propaganda being spread by Russia

For the more technical

1. DNS cache poisoning, the Internet attack from 2008, is back from the dead (PDF)
2. Microsoft November 2020 Patch Tuesday + more information
3. Microsoft fixes Windows zero-day disclosed by Google last month
4. Sleep Attack: Intel Bootguard vulnerability waking from S3
5. New Platypus attack can steal data from Intel CPUs
6. Windows 10 Intel microcode released to fix new CPU security bugs
7. New Slipstream NAT bypass attacks to be blocked by browsers
8. Bitdefender: UPX unpacking featuring ten memory corruptions
9. Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
10. Critical privilege escalation vulnerabilities affect 100k sites using Ultimate Member plugin
11. Extraordinary vulnerabilities discovered in TCL Android TVs, now world’s 3rd largest TV manufacturer
12. Mysterious bugs were used to hack iPhones and Android phones and no one will talk about it
13. How to get root on Ubuntu 20.04 by pretending nobody’s /home
14. Your computer isn’t yours
15. Apple apps on macOS Big Sur bypass firewall and VPN connections
16. Cyberattacks targeting health care must stop
17. ICS threat activity on the rise in manufacturing sector
18. The CostaRicto campaign: cyber-espionage outsourced
19. Honour among thieves: the study of a cybercrime marketplace in action
20. xHunt campaign: newly discovered backdoors using deleted email drafts and DNS tunneling for Command and Control
21. Israeli companies targeted with new Pay2Key ransomware
22. Targeted ransomware: it’s not just about encrypting your data
23. Ransomware group turns to Facebook ads
24. Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
25. Alleged source code of Cobalt Strike toolkit shared online
26. Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
27. Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
28. How NOT to do phishing attacks
29. How did that get in my phone? Unwanted app distribution on Android devices (PDF)
30. Ghimob: a Tétrade threat actor moves to infect mobile devices
31. Fraudulent Minecraft apps deceive millions of Google Play users

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.