IT Security Weekend Catch Up – November 22, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. NSO – not government clients – operates its spyware, legal documents reveal
  2. South Korean police arrest 215 people in suspected $228m crypto scam
  3. Bitfinex hack launderer Heather ‘Razzlekhan’ Morgan sentenced to 18 months in prison
  4. Five alleged members of Scattered Spider cybercrime group charged for breaches, theft of $11 million
  5. US seizes PopeyeTools cybercrime marketplace, charges administrators
  6. Fake letters on behalf of MeteoSwiss – Instead of a ‘Severe Weather Warning App’, malware is downloaded
  7. Ford rejects breach allegations, says customer data not impacted
  8. Pokémon Go players have unwittingly trained AI to navigate the world
  9. Child safety org launches AI model trained on real child sex abuse images
  10. It’s surprisingly easy to jailbreak LLM-driven robots

For the more technical

  1. Issue #5 of Paged Out! magazine is now available
  2. 2024 CWE Top 25 Most Dangerous Software Weaknesses
  3. Apple confirms vulnerabilities are already being exploited
  4. Pots and Pans, AKA an SSLVPN – Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
  5. Forti-fied? Logging blind spot revealed in FortiClient VPN
  6. Five local privilege escalation vulnerabilities in needrestart
  7. 4,000,000 WordPress sites using Really Simple Security free and pro versions affected by critical authentication bypass vulnerability
  8. Leveling up fuzzing: Finding more vulnerabilities with AI
  9. Inside Water Barghest’s rapid exploit-to-market strategy for IoT devices
  10. Ghost Tap: New cash-out tactic with NFC Relay
  11. ClickFix social engineering technique floods threat landscape
  12. Lessons from a honeypot with US citizens’ data
  13. One sock fits all: The use and abuse of The NSOCKS Botnet
  14. New PXA Stealer targets government and education sectors for sensitive information
  15. Lumma Stealer on the rise: How Telegram channels are fueling malware proliferation
  16. Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
  17. A deep-dive analysis of WezRat
  18. BabbleLoader, an evasive loader packed with defensive mechanisms
  19. Helldown Ransomware: an overview of this emerging threat
  20. Unraveling Raspberry Robin’s layers: Analyzing obfuscation techniques and core mechanisms
  21. Earth Kasha’s new LODEINFO campaign and the correlation analysis with the APT10 Umbrella

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *