IT Security Weekend Catch Up – October 26, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. US unveils new rules to block China, Russia and Iran from accessing bulk US data
  2. Pegasus spyware firm NSO lobbies to get off U.S. blacklist
  3. What internet data brokers have on you – and how you can start to get it back
  4. Dutch government will replace hackable traffic lights to avoid movie-like carnage
  5. Goodbye, floppies – San Francisco pays Hitachi $212 million to remove 5.25-inch disks from its light rail service
  6. Internet Archive breached again through stolen access tokens
  7. Four cyber companies fined for SolarWinds disclosure failures
  8. Russia sentences REvil ransomware members to over 4 years in prison
  9. Teenager took his own life after falling in love with AI chatbot. Now his devastated mom is suing the creators
  10. Researchers say an AI-powered transcription tool used in hospitals invents things no one ever said
  11. ByteDance intern fired for planting malicious code in AI models

For the more technical

  1. Pwn2Own Ireland 2024 – day one, two, three & four
  2. Investigating FortiManager zero-day exploitation (CVE-2024-47575)
  3. Fortinet FortiGate CVE-2024-23113 – A super complex vulnerability in a super secure appliance in 2024
  4. Exposing the danger within: Hardcoded cloud credentials in popular mobile apps
  5. Embargo ransomware: Rock’n’Rust
  6. Akira ransomware continues to evolve
  7. macOS NotLockBit | Evolving ransomware samples suggest a threat actor sharpening its tools
  8. Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
  9. New Qilin.B ransomware variant boasts enhanced encryption and defense evasion
  10. Unmasking Lumma Stealer: Analyzing deceptive tactics with fake CAPTCHA
  11. Largest retail breach in history: 350 million “Hot Topic” customers’ personal & payment data exposed — as a result of infostealer infection
  12. Inside the Latrodectus malware campaign
  13. Latrodectus: A year in the making
  14. Tricks and treats: GHOSTPULSE’s new pixel- level deception
  15. Using gRPC and HTTP/2 for cryptominer deployment: An unconventional approach
  16. Unmasking Prometei: A deep dive into our MXDR findings
  17. Operation Cobalt Whisper: Threat actor targets multiple industries across Hong Kong and Pakistan
  18. Highlighting TA866/Asylum Ambuscade activity since 2021
  19. EIW – ESET Israel Wiper – used in active attacks targeting Israeli orgs

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *