IT Security Weekend Catch Up – April 14, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
  2. Hacker from Russian crime group jailed for multi-million pound global blackmail conspiracy + more information
  3. Silk Road 2 founder Dread Pirate Roberts 2 caught, jailed for 5 years
  4. What it’s like to lose a million dollars to an online dating scam
  5. Catching a catfish. A terrifying story of virtual deceit
  6. Why Ecuador finally got sick of Julian Assange and ended his refuge at the embassy in London
  7. FBI criticized for delaying breach notifications, including insufficient details
  8. As China hacked, U.S. businesses turned a blind eye
  9. How the internet blew up information warfare
  10. Your smartphone apps are filled with trackers you know nothing about
  11. A year later, cybercrime groups still rampant on Facebook
  12. Hackers publish personal data on thousands of US police officers and federal agents
  13. Yahoo to pay $177.5 M to settle data breach
  14. What happened when the DEA demanded passwords from LastPass

For the more technical

  1. Microsoft April 2019 Patch Tuesday
  2. April’s Patch Tuesday fixes two vulnerabilities being exploited in the wild
  3. Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
  4. Adobe Acrobat Reader remote code execution
  5. Dragonblood vulnerabilities disclosed in WiFi WPA3 standard (PDF)
  6. Virtually unlimited memory: Escaping the Chrome sandbox
  7. A series of unfortunate images: Drupal 1-click to RCE exploit chain detailed
  8. SQL Injection in Advance Contact Form 7 DB
  9. Attacks on closed WordPress plugins
  10. A security researcher with a grudge is dropping Web 0days on innocent users
  11. Old but GOLD dot dot slash to get the flag — Uber microservice
  12. MyCar Controls uses hard-coded credentials
  13. GPS time rollover failures keep happening (but they’re almost done)
  14. Project TajMahal – a sophisticated new APT framework + technical description
  15. OceanLotus: macOS malware update
  16. Gaza Cybergang Group1, operation SneakyPastes
  17. Gustuff banking botnet targets Australia
  18. BasBanke: Trend-setting Brazilian banking trojan
  19. The official website of a popular video editing software was infected with a banking trojan
  20. Emotet gang switches to highly customized templates utilizing stolen email content from victims
  21. IResponse to IEncrypt
  22. TRITON actor TTP profile, custom attack tools, detections, and ATT&CK mapping
  23. A peek into the toolkit of the dangerous Triton hackers
  24. Researchers uncover new version of the infamous Flame malware
  25. The oldest Stuxnet component dials up (PDF)
  26. Annual report of the Estonian Internal Security Service (PDF)
  27. How Android fought an epic botnet—and won
  28. Mobile malware analysis : Tricks used in Anubis
  29. When you unsubscribe to these emails, you ‘subscribe’ to the Loda RAT
  30. Sextortion profits decline despite higher volume, new techniques
  31. Digital Doppelgangers. Cybercriminals cash out money using stolen digital identities
  32. DDoS targeting WordPress search
  33. Popular HTML5 feature used to trick Chinese mobile users into joining latest DDoS attack
  34. Two out of three hotels accidentally leak guests’ personal data
  35. How to find hidden cameras in your AirBNB
  36. DevSecOps – dynamic, fast, effective and secure (PDF)
  37. Blue + red: An infosec purple pyramid
  38. Internet monitoring OSINT tool for Windows
  39. Gmail making email more secure with MTA-STS standard
  40. Multiple enterprise VPN apps allow attackers to bypass authentication

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *