Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
- Hacker from Russian crime group jailed for multi-million pound global blackmail conspiracy + more information
- Silk Road 2 founder Dread Pirate Roberts 2 caught, jailed for 5 years
- What it’s like to lose a million dollars to an online dating scam
- Catching a catfish. A terrifying story of virtual deceit
- Why Ecuador finally got sick of Julian Assange and ended his refuge at the embassy in London
- FBI criticized for delaying breach notifications, including insufficient details
- As China hacked, U.S. businesses turned a blind eye
- How the internet blew up information warfare
- Your smartphone apps are filled with trackers you know nothing about
- A year later, cybercrime groups still rampant on Facebook
- Hackers publish personal data on thousands of US police officers and federal agents
- Yahoo to pay $177.5 M to settle data breach
- What happened when the DEA demanded passwords from LastPass
For the more technical
- Microsoft April 2019 Patch Tuesday
- April’s Patch Tuesday fixes two vulnerabilities being exploited in the wild
- Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
- Adobe Acrobat Reader remote code execution
- Dragonblood vulnerabilities disclosed in WiFi WPA3 standard (PDF)
- Virtually unlimited memory: Escaping the Chrome sandbox
- A series of unfortunate images: Drupal 1-click to RCE exploit chain detailed
- SQL Injection in Advance Contact Form 7 DB
- Attacks on closed WordPress plugins
- A security researcher with a grudge is dropping Web 0days on innocent users
- Old but GOLD dot dot slash to get the flag — Uber microservice
- MyCar Controls uses hard-coded credentials
- GPS time rollover failures keep happening (but they’re almost done)
- Project TajMahal – a sophisticated new APT framework + technical description
- OceanLotus: macOS malware update
- Gaza Cybergang Group1, operation SneakyPastes
- Gustuff banking botnet targets Australia
- BasBanke: Trend-setting Brazilian banking trojan
- The official website of a popular video editing software was infected with a banking trojan
- Emotet gang switches to highly customized templates utilizing stolen email content from victims
- IResponse to IEncrypt
- TRITON actor TTP profile, custom attack tools, detections, and ATT&CK mapping
- A peek into the toolkit of the dangerous Triton hackers
- Researchers uncover new version of the infamous Flame malware
- The oldest Stuxnet component dials up (PDF)
- Annual report of the Estonian Internal Security Service (PDF)
- How Android fought an epic botnet—and won
- Mobile malware analysis : Tricks used in Anubis
- When you unsubscribe to these emails, you ‘subscribe’ to the Loda RAT
- Sextortion profits decline despite higher volume, new techniques
- Digital Doppelgangers. Cybercriminals cash out money using stolen digital identities
- DDoS targeting WordPress search
- Popular HTML5 feature used to trick Chinese mobile users into joining latest DDoS attack
- Two out of three hotels accidentally leak guests' personal data
- How to find hidden cameras in your AirBNB
- DevSecOps - dynamic, fast, effective and secure (PDF)
- Blue + red: An infosec purple pyramid
- Internet monitoring OSINT tool for Windows
- Gmail making email more secure with MTA-STS standard
- Multiple enterprise VPN apps allow attackers to bypass authentication
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments