IT Security Weekend Catch Up – November 26, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. A Russian missile crew was geolocated from just this photo
  2. Chinese national faces sentencing in US aviation spying case
  3. AirAsia victim of ransomware attack, passenger and employee data acquired
  4. Elon Musk hires PS3 hacker to work on Twitter
  5. A leak details Apple’s secret dirt on a trusted security startup
  6. Two Estonian citizens arrested in $575 million cryptocurrency fraud and money laundering scheme
  7. Police text 70,000 victims in UK’s biggest anti-fraud operation
  8. The latest threat to retailers this holiday season – Freebie Bots

For the more technical

  1. Chromium: Same Origin Policy bypass within a single site a.k.a. “Google Roulette”
  2. Token tactics: How to prevent, detect, and respond to cloud token theft
  3. Working PoC for CVE-2022-41040 and CVE-2022-41082 (A.K.A ProxyNotShell)
  4. Attackers are using these passwords to attack the RDP port right now
  5. Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers (PDF)
  6. Professional stealers: opportunistic scammers targeting users of Steam, Roblox, and Amazon in 111 countries
  7. Aurora: a rising stealer flying under the radar
  8. Fake MSI Afterburner sites delivering coin-miner
  9. Making Cobalt Strike harder for threat actors to abuse
  10. Nighthawk: An up-and-coming pentest tool likely to gain threat actor notice
  11. ViperSoftX: Hiding in system logs and spreading VenomSoftX
  12. AXLocker, Octocrypt, and Alice: Leading a new wave of ransomware campaigns
  13. LodaRAT meets new friends
  14. From zero to Zanubis
  15. Android SharkBot droppers on Google Play underline platform’s security needs
  16. Who tracked internet users in 2021–2022
  17. Twitter has a massive dark web problem
  18. Luna Moth callback phishing campaign
  19. Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester
  20. Earth Preta spear-phishing governments worldwide
  21. Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
