Security Leftovers
Security Week ☛ American Airlines Subsidiary Envoy Air Hit by Oracle Hack
Envoy Air, which operates the American Eagle brand, has confirmed that business information was stolen by hackers.
Security Week ☛ NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million
The judge ruled that punitive damages of $167 million awarded by a jury were excessive.
Security Week ☛ ConnectWise Patches Critical Flaw in Automate RMM Tool
Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations.
Security Week ☛ Lumma Stealer Activity Drops After Doxxing
The identities of alleged core members of the Lumma Stealer group were exposed in an underground doxxing campaign.
Security Week ☛ SIM Farm Dismantled in Europe, Seven Arrested
The individuals ran a highly sophisticated cybercrime-as-a-service (CaaS) platform that caused roughly €5 million (~$5.8 million) in losses.
SANS ☛ Using Syscall() for Obfuscation/Fileless Activity, (Mon, Oct 20th)
I found another piece of malware this weekend. This one looks more like a proof-of-concept because the second-stage payload is really "simple", but it attracted my attention because it uses a nice technique to obfuscate the code.
EDRI ☛ Community Call: Psychosocial Support & Digital Safety
What does psychosocial support look like in the face of spyware attacks and digital security threats? It can mean adapting care to the context, listening without rushing, and building protocols that protect both dignity and data. But we want to hear what it means to you and to those already integrating psychosocial support into their accompaniments — such as Fundación Acceso in Latin America and Digital Society of Africa during our next community call.
Security Week ☛ Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks
On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction.