Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- A Russian missile crew was geolocated from just this photo
- Chinese national faces sentencing in US aviation spying case
- AirAsia victim of ransomware attack, passenger and employee data acquired
- Elon Musk hires PS3 hacker to work on Twitter
- A leak details Apple’s secret dirt on a trusted security startup
- Two Estonian citizens arrested in $575 million cryptocurrency fraud and money laundering scheme
- Police text 70,000 victims in UK’s biggest anti-fraud operation
- The latest threat to retailers this holiday season – Freebie Bots
For the more technical
- Chromium: Same Origin Policy bypass within a single site a.k.a. “Google Roulette”
- Token tactics: How to prevent, detect, and respond to cloud token theft
- Working PoC for CVE-2022-41040 and CVE-2022-41082 (A.K.A ProxyNotShell)
- Attackers are using these passwords to attack the RDP port right now
- Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers (PDF)
- Professional stealers: opportunistic scammers targeting users of Steam, Roblox, and Amazon in 111 countries
- Aurora: a rising stealer flying under the radar
- Fake MSI Afterburner sites delivering coin-miner
- Making Cobalt Strike harder for threat actors to abuse
- Nighthawk: An up-and-coming pentest tool likely to gain threat actor notice
- ViperSoftX: Hiding in system logs and spreading VenomSoftX
- AXLocker, Octocrypt, and Alice: Leading a new wave of ransomware campaigns
- LodaRAT meets new friends
- From zero to Zanubis
- Android SharkBot droppers on Google Play underline platform’s security needs
- Who tracked internet users in 2021–2022
- Twitter has a massive dark web problem
- Luna Moth callback phishing campaign
- Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester
- Earth Preta spear-phishing governments worldwide
- Vulnerable SDK components lead to supply chain risks in IoT and OT environments
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.