IT Security Weekend Catch Up – November 4, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. TikTok tells European users its staff in China get access to their data
  2. Amazon accidentally exposed an internal server packed with Prime Video viewing habits
  3. Whether you use Android or iOS, no one is 100% secured
  4. Liz Truss phone hack claim prompts calls for investigation
  5. Facebook probably has your phone number, even if you never shared it. Now it has a secret tool to let you delete it
  6. Accused ‘Raccoon’ malware developer fled Ukraine after Russian invasion
  7. World’s second largest copper producer recovering from cyberattack
  8. Hundreds of U.S. news sites push malware in supply-chain attack
  9. Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit

For the more technical

  1. Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
  2. OpenSSL: Overview of software (un)affected by vulnerability
  3. Juniper SSLVPN / JunOS RCE and multiple vulnerabilities
  4. CosMiss: Azure Cosmos DB Notebook remote code execution vulnerability
  5. Microsoft mitigates vulnerability in Jupyter Notebooks for Azure Cosmos DB
  6. Pre-authenticated remote code execution in VMWare NSX Manager
  7. Black Mass Halloween 2022 by vx-underground (PDF)
  8. Find the needle faster with hashR data
  9. Dozens more PyPI packages attempting to deliver W4SP stealer in ongoing supply-chain attack
  10. How we handled a recent phishing incident that targeted Dropbox
  11. Galaxy Store applications installation/launching without user interaction
  12. Inside the V1 Raccoon Stealer’s den
  13. New Azov data wiper tries to frame researchers and BleepingComputer
  14. APT10: Tracking down LODEINFO 2022, part I & part II
  15. OPERA1ER: Playing god without permission (PDF)
  16. Internal chats for Yanluowang ransomware gang leaked; reveal members are Russian, not Chinese
  17. Black Basta ransomware: Attacks deploy custom EDR evasion tools tied to FIN7 threat actor
  18. APT trends report Q3 2022
  19. ENISA Threat Landscape 2022
  20. Ransomware victims and network access sales in Q3 2022
  21. Malware wars: the attack of the droppers
  22. Malware on the Google Play store leads to harmful phishing sites
  23. Emotet botnet starts blasting malware again after 4 month break

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *