Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Here’s the FBI’s internal guide for getting data from AT&T, T-Mobile, Verizon
- Location data firm got GPS data from apps even when people opted out
- 12 targeted for involvement in ransomware attacks against critical infrastructure
- Core member of ransomware gang identified
- Europol investigation busts 150 ‘high value’ darknet vendors
For the more technical
- Using Kerberos for authentication relay attacks
- Windows exploitation tricks: Relaying DCOM authentication
- Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
- Researcher earns $2 million for critical vulnerability in Polygon
- 1,000,000 sites affected by OptinMonster vulnerabilities
- Site deletion vulnerability in Hashthemes plugin
- Mozilla blocks malicious add-ons installed by 455K Firefox users
- Cracking WiFi at scale with one simple trick
- A handshake with MySQL bots
- Hackers are exploiting a vulnerability in popular billing software to deploy ransomware
- Fake npm Roblox API package installs ransomware and has a spooky surprise
- Rooting malware makes a comeback: Lookout discovers global campaign
- Avast releases decryptor for AtomSilo and LockFile ransomware
- Squirrelwaffle leverages malspam to deliver Qakbot, Cobalt Strike
- New York Times journalist Ben Hubbard hacked with Pegasus after reporting on previous hacking attempts + more information
- UltimaSMS: A widespread premium SMS scam on the Google Play Store
- APT trends report Q3 2021
- New activity from Russian actor Nobelium + technical guidance
- DDoS attacks hit multiple email providers
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.