Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- [VIDEO] Is the fight for online privacy a lost battle?
- Think like a hacker: Inside the minds and methods of modern adversaries (PDF)
- U.S. fines 16 Wall Street firms $1.8 bln for talking deals, trades on personal apps
- AFP working with overseas law enforcement on Optus breach
- Honolulu man pleads guilty to sabotaging former employer’s computer network
- Someone is pretending to be me
- Mobile phone hackers wield “Violence-as-a-service” for money, revenge
For the more technical
- Customer guidance for reported zero-day vulnerabilities in Microsoft Exchange Server
- Microsoft Windows Shift F10 bypass and autopilot privilge escalation
- Critical WhatsApp vulnerabilities patched: Check you’ve updated!
- The secrets of Schneider Electric’s UMAS protocol
- Practically-exploitable cryptographic vulnerabilities in Matrix (PDF)
- Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2
- Another tale of IBM i (AS/400) hacking
- Unredacted #004 – The privacy, security, and OSINT magazine (PDF)
- Taking down coordinated inauthentic behavior from Russia and China (PDF)
- Bad VIB(E)s part one: Investigating novel malware persistence within ESXi hypervisors
- Bad VIB(E)s part two: Detection and hardening within ESXi hypervisors
- NullMixer: oodles of Trojans in a single dropper
- Prilex: the pricey prickle credit card complex
- Chaos is a Go-based Swiss army knife of malware
- Hunting for unsigned DLLs to find APTs
- Erbium stealer malware report
- In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
- Poseidon’s offspring: Charybdis and Scylla
- Brute Ratel cracked and shared across the cybercriminal underground
- Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
- Agent Tesla RAT delivered by Quantum builder with new TTPs
- Lazarus ‘Operation In(ter)ception’ targets macOS users dreaming of jobs in crypto
- Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
- ZINC weaponizing open-source software
- Witchetty: Group uses updated toolset in attacks on governments in Middle East
- Detecting STEEP#MAVERICK: New covert attack campaign targeting military contractors
- Chinese state-sponsored group TA413 adopts new capabilities in pursuit of Tibetan targets
- Hacker groups take to Telegram, Signal and darkweb to assist protestors in Iran
- International conflicts driving increased strength of DDoS attacks: report
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.