IT Security Weekend Catch Up – September 29, 2024

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Telegram now shares users’ IP and phone number on legal requests
  2. Firefox tracks you with “privacy preserving” feature
  3. EU privacy regulator fines Meta 91 million euros over password storage
  4. Disney to ditch Slack following July data breach
  5. Uniting for Internet freedom: Tor Project & Tails join forces
  6. macOS Sequoia change breaks networking for VPN, antivirus software
  7. “Bad Romance”: How Kaspersky Lab failed to conquer the Western cybersecurity market
  8. Mystery profile linked to Hungarian firm implicated in exploding pagers
  9. Web tracking report: who monitored users’ online activities in 2023–2024 the most

For the more technical

  1. Attacking UNIX Systems via CUPS, Part I
  2. Critical exploit in MediaTek Wi-Fi chipsets: Zero-click vulnerability (CVE-2024-20017) threatens routers and smartphones
  3. Critical NVIDIA AI vulnerability affecting containers using NVIDIA GPUs, including over 35% of cloud environments
  4. CVE-2024-28987: SolarWinds Web Help Desk hardcoded credential vulnerability deep-dive + PoC
  5. Threat landscape for industrial automation systems, Q2 2024
  6. Hacking Kia: Remotely controlling cars with just a license plate
  7. Wallet scam: A case study in crypto drainer tactics
  8. Octo2: European banks already under attack by new malware variant
  9. Gleaming Pisces poisoned Python packages campaign delivers PondRAT Linux and MacOS backdoors
  10. HTML Smuggling: How blob URLs are abused to deliver phishing content
  11. 10 years of DLL Hijacking, and what we can do to prevent 10 more
  12. Infostealer malware bypasses Chrome’s new cookie-theft defenses
  13. LummaC2: Obfuscation through indirect control flow
  14. BBTok targeting Brazil: Deobfuscating the .NET loader with dnlib and PowerShell
  15. SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
  16. Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023
  17. Storm-0501: Ransomware attacks expanding to hybrid cloud environments
  18. Examining mobile threats from Russia
  19. The Iranian cyber capability
  20. Iran steps up efforts in U.S. election meddling
  21. Kryptina RaaS: From unsellable cast-off to enterprise ransomware
  22. Inside SnipBot: The latest RomCom malware variant

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *