IT Security Weekend Catch Up – September 30, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] Is the fight for online privacy a lost battle?
  2. Think like a hacker: Inside the minds and methods of modern adversaries (PDF)
  3. U.S. fines 16 Wall Street firms $1.8 bln for talking deals, trades on personal apps
  4. AFP working with overseas law enforcement on Optus breach
  5. Honolulu man pleads guilty to sabotaging former employer’s computer network
  6. Someone is pretending to be me
  7. Mobile phone hackers wield “Violence-as-a-service” for money, revenge

For the more technical

  1. Customer guidance for reported zero-day vulnerabilities in Microsoft Exchange Server
  2. Microsoft Windows Shift F10 bypass and autopilot privilege escalation
  3. Critical WhatsApp vulnerabilities patched: Check you’ve updated!
  4. The secrets of Schneider Electric’s UMAS protocol
  5. Practically-exploitable cryptographic vulnerabilities in Matrix (PDF)
  6. Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2
  7. Another tale of IBM i (AS/400) hacking
  8. Unredacted #004 – The privacy, security, and OSINT magazine (PDF)
  9. Taking down coordinated inauthentic behavior from Russia and China (PDF)
  10. Bad VIB(E)s part one: Investigating novel malware persistence within ESXi hypervisors
  11. Bad VIB(E)s part two: Detection and hardening within ESXi hypervisors
  12. NullMixer: oodles of Trojans in a single dropper
  13. Prilex: the pricey prickle credit card complex
  14. Chaos is a Go-based Swiss army knife of malware
  15. Hunting for unsigned DLLs to find APTs
  16. Erbium stealer malware report
  17. In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
  18. Poseidon’s offspring: Charybdis and Scylla
  19. Brute Ratel cracked and shared across the cybercriminal underground
  20. Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
  21. Agent Tesla RAT delivered by Quantum builder with new TTPs
  22. Lazarus ‘Operation In(ter)ception’ targets macOS users dreaming of jobs in crypto
  23. Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
  24. ZINC weaponizing open-source software
  25. Witchetty: Group uses updated toolset in attacks on governments in Middle East
  26. Detecting STEEP#MAVERICK: New covert attack campaign targeting military contractors
  27. Chinese state-sponsored group TA413 adopts new capabilities in pursuit of Tibetan targets
  28. Hacker groups take to Telegram, Signal and darkweb to assist protestors in Iran
  29. International conflicts driving increased strength of DDoS attacks: report

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
