IT Security Weekend Catch Up – October 17, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. The NSA phone surveillance program was illegal and expensive: And it did not stop a single terrorist attack
  2. A prison video visitation service exposed private calls between inmates and their attorneys
  3. Universities are using surveillance software to spy on students
  4. ICO fines British Airways £20m for data breach affecting more than 400,000 customers
  5. German authorities raid FinFisher offices
  6. 20 arrests in QQAAZZ multi-million money laundering case
  7. Officials announce international operation targeting transnational criminal organization QQAAZZ
  8. Ubisoft, Crytek data posted on ransomware gang’s site
  9. Barnes & Noble hit by cyberattack that exposed customer data
  10. Bitcoin wallet update trick has netted criminals more than $22 million
  11. Five Eyes governments, India, and Japan make new call for encryption backdoors
  12. United States, six other nations ask tech companies to build backdoors to encrypted communications
  13. Microsoft will adopt Google Chrome’s controversial Manifest V3 in Edge

For the more technical

  1. Microsoft October 2020 Patch Tuesday
  2. Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux
  3. CVE-2020-16898 – Exploiting “Bad Neighbor” vulnerability
  4. Mutation XSS via namespace confusion – DOMPurify bypass
  5. Nano Defender has been sold to Turkish Developers and is now collecting personal data
  6. SonicWall VPN portal critical flaw (CVE-2020-5135)
  7. Linux: Heap-based type confusion in L2CAP (BleedingTooth)
  8. Linux: Stack-Based Information Leak in A2MP (BleedingTooth)
  9. Linux: Heap-Based Buffer Overflow in HCI event packet parser (BleedingTooth)
  10. Research: Can you build spyware for a Fitbit?
  11. Code execution via the Windows Update client (wuauclt)
  12. How to find vulnerabilities in code: Bad words
  13. Different ways to authenticate your APIs
  14. Exposing covert surveillance backdoors in children’s smartwatches
  15. APT actors chaining vulnerabilities against SLTT, critical infrastructure, and elections organizations
  16. The state of exploit development: 80% of exploits publish faster than CVEs
  17. “Front Door” into BazarBackdoor: Stealthy cybercrime weapon
  18. Trickbot disrupted
  19. Lemon Duck brings cryptocurrency miners back into the spotlight
  20. Exponential growth in DDoS attack volumes
  21. Twitter Investigation Report
  22. Shady deals: The destructive relationship between network access sellers and ransomware groups
  23. KELA’s 100 over 100: September 2020 in network access sales
  24. IAmTheKing and the SlothfulMedia malware family
  25. FIN11: Widespread email campaigns as precursor for ransomware and data theft
  26. Mapping malware use of open source offensive security tools (PDF) + OST Map
  27. Orca Security 2020 State of Virtual Appliance Security Report (PDF)
  28. How we’re tackling evolving online threats
  29. The Geography of BEC: The Global Reach of the World’s Top Cyber Threat (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *