IT Security Weekend Catch Up – September 12, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Former NSA chief Keith Alexander has joined Amazon’s board of directors
  2. Inside Amazon’s secret program to spy on workers’ private Facebook groups
  3. OVPN wins court battle after Pirate Bay data demands rejected
  4. Chilean bank shuts down all branches following ransomware attack
  5. Netwalker ransomware hits Pakistan’s largest private power utility
  6. Israel’s Tower Semi halts some operations after cyber attack
  7. Slovak cryptocurrency exchange Eterbase discloses $5.4 million hack
  8. Thousands of Razer customers order and shipping details exposed on the web without password
  9. Secure your Zoom account with Two-Factor Authentication

For the more technical

  1. Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)
  2. Raccoon attack allows hackers to break TLS encryption ‘under certain conditions’
  3. Critical Intel Active Management Technology flaw allows privilege escalation
  4. Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite
  5. Microsoft September 2020 Patch Tuesday
  6. Windows 10 themes can be abused to steal Windows passwords
  7. Microsoft confirms why Windows Defender can’t be disabled via registry
  8. Windows 10 Sandbox activation enables zero-day vulnerability
  9. Vulnerabilities in PAN-OS could threaten internal networks security
  10. How I hacked Facebook again! Unauthenticated RCE on MobileIron MDM
  11. License to lill: Leveraging license management to attack ICS networks (PDF)
  12. Kids’ smartwatches are a security nightmare despite years of warnings
  13. A detailed analysis of spyware masquerading as TikTok
  14. France, Japan, New Zealand warn of sudden spike in Emotet attacks
  15. XSS->Fix->Bypass: 10000$ bounty in Google Maps
  16. Attackers fight for control of sites targeted in File Manager vulnerability
  17. Who is calling? CDRThief targets Linux VoIP softswitches
  18. Who are initial access brokers and how do they work?
  19. Attackers abusing legitimate cloud monitoring tools to conduct cyber attacks
  20. Epic Manchego – atypical maldoc delivery brings flurry of infostealers
  21. ‘Baka’ JavaScript skimmer identified (PDF)
  22. Thanos ransomware: Destructive variant targeting state-run organizations in the Middle East and North Africa
  23. An overview of targeted attacks and APTs on Linux
  24. New cyberattacks targeting U.S. elections
  25. The Internet’s biggest webmaster forum had a data breach
  26. State of cybersecurity industry exposure at Dark Web
  27. Digital Education: The cyberrisks of the online classroom
  28. Technical approaches to uncovering and remediating malicious activity
  29. Breaking LUKS Encryption
  30. Where is Twardowski? Mini CTF by SecuRing

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *