IT Security Weekend Catch Up – November 15, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Campaign “Reclaim your face” calls for a ban on biometric mass surveillance
  2. Surveillance disclosures show urgent need for reforms to EU aid programmes
  3. Zoom lied to users about end-to-end encryption for years, FTC says
  4. Windows 10, iOS, Chrome, and many others fall at China’s top hacking contest
  5. Pwn2Own Tokyo results [1] [2] [3]
  6. Compal, the second-largest laptop manufacturer in the world, hit by ransomware
  7. Steelcase furniture giant down for 2 weeks after ransomware attack
  8. Hotel reservation platform leaves millions of people exposed in massive data breach
  9. Animal Jam kids’ virtual world hit by data breach, impacts 46M accounts
  10. Customer data from encrypted phone company Ciphr has been dumped online
  11. CIA controlled global encryption company for decades, says report
  12. Former Microsoft software engineer sentenced to nine years in prison for stealing more than $10 million in digital value such as gift cards
  13. How the Pentagon is trolling Russian, Chinese hackers with cartoons
  14. GCHQ spies launch cyber counter-attack against anti-vaccine propaganda being spread by Russia

For the more technical

  1. DNS cache poisoning, the Internet attack from 2008, is back from the dead (PDF)
  2. Microsoft November 2020 Patch Tuesday + more information
  3. Microsoft fixes Windows zero-day disclosed by Google last month
  4. Sleep Attack: Intel Bootguard vulnerability waking from S3
  5. New Platypus attack can steal data from Intel CPUs
  6. Windows 10 Intel microcode released to fix new CPU security bugs
  7. New Slipstream NAT bypass attacks to be blocked by browsers
  8. Bitdefender: UPX unpacking featuring ten memory corruptions
  9. Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
  10. Critical privilege escalation vulnerabilities affect 100k sites using Ultimate Member plugin
  11. Extraordinary vulnerabilities discovered in TCL Android TVs, now world’s 3rd largest TV manufacturer
  12. Mysterious bugs were used to hack iPhones and Android phones and no one will talk about it
  13. How to get root on Ubuntu 20.04 by pretending nobody’s /home
  14. Your computer isn’t yours
  15. Apple apps on macOS Big Sur bypass firewall and VPN connections
  16. Cyberattacks targeting health care must stop
  17. ICS threat activity on the rise in manufacturing sector
  18. The CostaRicto campaign: cyber-espionage outsourced
  19. Honour among thieves: the study of a cybercrime marketplace in action
  20. xHunt campaign: newly discovered backdoors using deleted email drafts and DNS tunneling for Command and Control
  21. Israeli companies targeted with new Pay2Key ransomware
  22. Targeted ransomware: it’s not just about encrypting your data
  23. Ransomware group turns to Facebook ads
  24. Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
  25. Alleged source code of Cobalt Strike toolkit shared online
  26. Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
  27. Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
  28. How NOT to do phishing attacks
  29. How did that get in my phone? Unwanted app distribution on Android devices (PDF)
  30. Ghimob: a Tétrade threat actor moves to infect mobile devices
  31. Fraudulent Minecraft apps deceive millions of Google Play users

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *