IT Security Weekend Catch Up – September 23, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Rockstar confirms cyberattack, leak of confidential data including GTA 6 footage + more information
  2. UK Police arrests teen believed to be behind Uber, Rockstar hacks
  3. 2K Games says hacked help desk targeted players with malware
  4. American Airlines discloses data breach after employee email compromise
  5. Botched crypto mugging lands three U.K. men in jail
  6. The $8.6 billion startup that helps governments trace crypto
  7. IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun
  8. US military bought mass monitoring tool that includes Internet browsing, email data
  9. $35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned

For the more technical

  1. AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
  2. Tarfile: Exploiting the world with a 15-year-old vulnerability
  3. Sophos warns of new firewall RCE bug exploited in attacks
  4. Does 2FA stop hackers?
  5. On the limits of textual screen peeking via eyeglass reflections in video conferencing (PDF)
  6. Chrome & Edge enhanced spellcheck features expose PII, even your passwords
  7. Malicious npm package mimics Material Tailwind CSS tool
  8. Threat actors continue to abuse Google Tag Manager for payment card e-skimming
  9. MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
  10. New phishing campaign targets GitHub users
  11. Malicious OAuth applications used to compromise email servers and spread spam
  12. New malware campaign targets Zoom users
  13. Record 25.3 billion request multiplexing attack mitigated by Imperva
  14. The bad actor had internal access to LastPass for four days
  15. Console hacker reveals PS4/PS5 exploit that is “essentially unpatchable”
  16. The evolution of the Chromeloader malware
  17. Bitdefender, Europol, Swiss police publish decryptor for LockerGoga ransomware
  18. LockBit ransomware builder leaked online by “angry developer”
  19. AdvIntel’s state of Emotet aka “SpmTools” displays over million compromised machines through 2022
  20. BlackMatter: New data exfiltration tool used in attacks
  21. PrivateLoader: the loader of the prevalent ruzki PPI service
  22. Domain shadowing: A stealthy use of DNS compromise for cybercrime
  23. A multimillion dollar global online credit card scam uncovered
  24. Russia-Nexus UAC-0113 emulating telecommunication providers in Ukraine
  25. The mystery of Metador: An unattributed threat hiding in telcos, ISPs, and universities
  26. Back to school: BEC group targets teachers with payroll diversion attacks
  27. Iranian state actors conduct cyber operations against the government of Albania

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *