IT Security Weekend Catch Up – November 26, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. A Russian missile crew was geolocated from just this photo
  2. Chinese national faces sentencing in US aviation spying case
  3. AirAsia victim of ransomware attack, passenger and employee data acquired
  4. Elon Musk hires PS3 hacker to work on Twitter
  5. A leak details Apple’s secret dirt on a trusted security startup
  6. Two Estonian citizens arrested in $575 million cryptocurrency fraud and money laundering scheme
  7. Police text 70,000 victims in UK’s biggest anti-fraud operation
  8. The latest threat to retailers this holiday season – Freebie Bots

For the more technical

  1. Chromium: Same Origin Policy bypass within a single site a.k.a. “Google Roulette”
  2. Token tactics: How to prevent, detect, and respond to cloud token theft
  3. Working PoC for CVE-2022-41040 and CVE-2022-41082 (A.K.A ProxyNotShell)
  4. Attackers are using these passwords to attack the RDP port right now
  5. Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers (PDF)
  7. Professional stealers: opportunistic scammers targeting users of Steam, Roblox, and Amazon in 111 countries
  8. Aurora: a rising stealer flying under the radar
  9. Fake MSI Afterburner sites delivering coin-miner
  10. Making Cobalt Strike harder for threat actors to abuse
  11. Nighthawk: An up-and-coming pentest tool likely to gain threat actor notice
  12. ViperSoftX: Hiding in system logs and spreading VenomSoftX
  13. AXLocker, Octocrypt, and Alice: Leading a new wave of ransomware campaigns
  14. LodaRAT meets new friends
  15. From zero to Zanubis
  16. Android SharkBot droppers on Google Play underline platform’s security needs
  17. Who tracked internet users in 2021–2022
  18. Twitter has a massive dark web problem
  19. Luna Moth callback phishing campaign
  20. Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester
  21. Earth Preta spear-phishing governments worldwide
  22. Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *