IT Security Weekend Catch Up – November 8, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. FBI: Hackers stole source code from US government agencies and private companies
  2. More than $1bn in Bitcoin seized from Silk Road account by US government
  3. United States files a civil action to forfeit cryptocurrency valued at over one billion U.S. dollars (PDF)
  4. Russian cybercriminal sentenced to prison for role in $100 million botnet conspiracy
  5. GrapheneOS in a lawsuit for the survival of the project, this is really bad
  6. How police can crack locked phones – and extract information
  7. Google location data turned innocent cyclist into robbery suspect
  8. Government revive push to make apps like WhatsApp and iMessage weaken protections so they can read messages
  9. 23,600 hacked databases have leaked from a defunct ‘data breach index’ site
  10. Security blueprints of many companies leaked in hack of Swedish firm Gunnebo
  11. Italian beverage vendor Campari knocked offline after ransomware attack
  12. Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen
  13. Hacker is selling 34 million user records stolen from 17 companies
  14. Vulnonym: Stop the naming madness!
  15. Paid editing with political connections

For the more technical

  1. Abusing Teams client protocol to bypass Teams security policies
  2. How I found a Tor vulnerability in Brave Browser
  3. Remote Code Execution (RCE) via git-lfs
  4. How Facebook was used as a proxy by web scraping bots
  5. NAT Slipstreaming
  6. Attackers exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
  7. Oracle rushes emergency fix for critical WebLogic Server flaw
  8. Trick or treat: that twilio-npm package is brandjacking malware in disguise
  9. Attacking the face recognition authentication – how easy is it to fool it?
  10. Ransomware gangs don’t always delete stolen data when paid
  11. Anatomy of attack: Inside BazarBackdoor to Ryuk ransomware “one” group via Cobalt Strike
  12. REvil ransomware gang ‘acquires’ KPOT malware
  13. RansomEXX Trojan attacks Linux systems
  14. Malware analysis report: ComRAT & Zebrocy
  15. Gaza and West-Bank hackers exploit and monetize corporate VoIP phone system vulnerability internationally
  16. Live off the land? How about bringing your own island? An overview of UNC1945
  17. Back to the future: Inside the Kimsuky KGH spyware suite
  18. A new APT uses DLL side-loads to “KilllSomeOne”
  19. Attacks on industrial enterprises using RMS and TeamViewer: new data
  20. Cannabis growing community site exposes 3.4 million user records and passwords

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *