Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
- Hacker from Russian crime group jailed for multi-million pound global blackmail conspiracy + more information
- Silk Road 2 founder Dread Pirate Roberts 2 caught, jailed for 5 years
- What it’s like to lose a million dollars to an online dating scam
- Catching a catfish. A terrifying story of virtual deceit
- Why Ecuador finally got sick of Julian Assange and ended his refuge at the embassy in London
- FBI criticized for delaying breach notifications, including insufficient details
- As China hacked, U.S. businesses turned a blind eye
- How the internet blew up information warfare
- Your smartphone apps are filled with trackers you know nothing about
- A year later, cybercrime groups still rampant on Facebook
- Hackers publish personal data on thousands of US police officers and federal agents
- Yahoo to pay $177.5 M to settle data breach
- What happened when the DEA demanded passwords from LastPass
For the more technical
- Microsoft April 2019 Patch Tuesday
- April’s Patch Tuesday fixes two vulnerabilities being exploited in the wild
- Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
- Adobe Acrobat Reader remote code execution
- Dragonblood vulnerabilities disclosed in WiFi WPA3 standard (PDF)
- Virtually unlimited memory: Escaping the Chrome sandbox
- A series of unfortunate images: Drupal 1-click to RCE exploit chain detailed
- SQL Injection in Advance Contact Form 7 DB
- Attacks on closed WordPress plugins
- A security researcher with a grudge is dropping Web 0days on innocent users
- Old but GOLD dot dot slash to get the flag — Uber microservice
- MyCar Controls uses hard-coded credentials
- GPS time rollover failures keep happening (but they’re almost done)
- Project TajMahal – a sophisticated new APT framework + technical description
- OceanLotus: macOS malware update
- Gaza Cybergang Group1, operation SneakyPastes
- Gustuff banking botnet targets Australia
- BasBanke: Trend-setting Brazilian banking trojan
- The official website of a popular video editing software was infected with a banking trojan
- Emotet gang switches to highly customized templates utilizing stolen email content from victims
- IResponse to IEncrypt
- TRITON actor TTP profile, custom attack tools, detections, and ATT&CK mapping
- A peek into the toolkit of the dangerous Triton hackers
- Researchers uncover new version of the infamous Flame malware
- The oldest Stuxnet component dials up (PDF)
- Annual report of the Estonian Internal Security Service (PDF)
- How Android fought an epic botnet—and won
- Mobile malware analysis : Tricks used in Anubis
- When you unsubscribe to these emails, you ‘subscribe’ to the Loda RAT
- Sextortion profits decline despite higher volume, new techniques
- Digital Doppelgangers. Cybercriminals cash out money using stolen digital identities
- DDoS targeting WordPress search
- Popular HTML5 feature used to trick Chinese mobile users into joining latest DDoS attack
- Two out of three hotels accidentally leak guests’ personal data
- How to find hidden cameras in your AirBNB
- DevSecOps – dynamic, fast, effective and secure (PDF)
- Blue + red: An infosec purple pyramid
- Internet monitoring OSINT tool for Windows
- Gmail making email more secure with MTA-STS standard
- Multiple enterprise VPN apps allow attackers to bypass authentication
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – April 14, 2019”