IT Security Weekend Catch Up – September 11, 2021

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. ProtonMail logged IP address of French activist after order by Swiss authorities
  2. German government admits buying Pegasus spyware, says ‘limited’ to respect privacy laws
  3. NSO Group affiliate circles sold equipment to Uzbekistan ‘secret police’
  4. UK government backs Apple, and wants to scan encrypted messages for CSAM
  5. Australia: Unprecedented surveillance bill rushed through parliament in 24 hours
  6. Texas schools are surveilling students online, often without their knowledge or consent
  7. How Facebook undermines privacy protections for its 2 billion WhatsApp users
  8. Hackers leak passwords for 500,000 Fortinet VPN accounts
  9. Ransomware gang threatens to leak data if victim contacts FBI, police
  10. Confessions of a ransomware negotiator: Well, somebody’s got to talk to the criminals holding data hostage
  11. The ideal ransomware victim: What attackers are looking for
  12. REvil ransomware is back in full attack mode and leaking data
  13. UN computer networks breached by hackers earlier this year
  14. Ukrainian cyber criminal extradited for decrypting the credentials of thousands of computers
  15. TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic
  16. The operator of a Dark Web assassination site was arrested in Russia
  17. Hacking Team customer in Turkey was arrested for spying on police colleagues
  18. You don’t need to burn off your fingertips (and other biometric authentication myths)

For the more technical

  1. Introduction to OWASP Top 10 2021
  2. Microsoft shares temp fix for ongoing Office 365 zero-day attacks
  3. Windows MSHTML zero-day defenses bypassed as new info emerges
  4. Remote code execution 0-day (CVE-2021-40444) hits Windows, triggered via Office docs
  5. Coordinated disclosure of vulnerability in Azure Container Instances Service
  6. Finding Azurescape – Cross-account container takeover in Azure Container Instances
  7. PoC for RCE 0-day for GhostScript 9.50
  8. Analyzing SSL/TLS certificates used by malware
  9. CVE-2021-26084: Confluenza
  10. Demon’s Cries vulnerability (some NETGEAR smart switches)
  11. Draconian Fear vulnerability (some NETGEAR smart switches)
  12. New CPU side-channel attack takes aim at Chrome’s Site Isolation featur
  13. A deep-dive into the SolarWinds Serv-U SSH vulnerability
  14. Android Security Bulletin—September 2021
  15. Research shows over 10% of sampled Firebase instances open
  16. How a Russian mobile app developer recruited phones into a secret ad-watching robot army
  17. Someone could be tracking you through your headphones
  18. Threat landscape for industrial automation systems in H1 2021
  19. Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet
  20. Cybercrime group FIN7 using Windows 11 Alpha-themed docs to drop Javascript backdoor
  21. BladeHawk group: Android espionage against Kurdish ethnic group
  22. EGoManiac: An unscrupulous Turkish-nexus threat actor

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *