Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Russian spammer arrested in Spain
- Krebs on spammer’s arrest
- Why certificates don’s matter in security
- Ad (ab)using Google Assistant and bypassing Google’s reaction
- Swatting ends bad for the victim
- Famous car hacker about security problems
- Ex-employee changed room prices
- Behind the scenes of Sinaloa cartel
- AlphaBay darknet market success story
- How FBI tracked TRiCK from Team Poison
- How was Trumps’ dossier compiled
For the more technical
- HITB2017 materials
- Evilginx – advanced phishing tool
- [PDF] Thomas Rid’s Congress testimony on Russian influence on US election
- [PDF] Disrupting AV solutions with AV signatures
- Kaspersky on Lazarus group
- OBD-II dongle attack
- RCE in Linux kernel via UDP
- MS Office 0day (CVE-2017-0199):
- Kelihos botnet takedown report
- Kelihos author used his botnet as a private proxy server
- Short Kelihos analysis
- Gmail email address enumeration
- Hacking smartphones via WiFi part 1, part 2
- IKEA approach to IOT security
- The Lamberts APT analysis
- CSRF in Dropbox + Facebook
- Uniscribe Fuzzing
- Cuckoo Sandbox 2.0
- Analysis of log fabrication
- PoC for CVE-2017-3881 (RCE in Cisco switches)
- A Red Teamer’s guide to pivoting
- [PDF] IPv6 tunnels in data exfiltration
- Analysis of the alleged Apple customers data leak
- [PDF] APT10 activity report + second report + a third one
- [PDF] Callisto APT activity report
- Latest Shadowbrokers leak
- Second, far more important Shadowbrokers leak
- Aks.com users queries leak
- Distributed attack on WordPress passwords
- Anomalous keys in Tor relays
- Moonsoon APT backdoor analysis: part 1, part 2
- Xen hypervisor attack
- QNAP QTS vulnerabilities
- Techniques used by Lazarus group
- Hacking my own Reddit password
- Finding potential vulnerabilities in FreeBSD code
- QUIC protocol vulnerability
- [PDF] Detecting emulation of malware environment
- Brickerbot bricks IOT devices
- New IOT botnet
- Struts2 exploit leads to DDoS and ransomware
- Diamond Fox bot analysis
- Hacking a TV set with a remote
- Creating dangerous shortcuts
- Middle East targeted campaign
- Microsoft Safe Link bypass
- APT29 backdoor analysis
- ROKRAT trojan horse analysis
- Hijacking bank’s operations
- Xen guest-to-host
- How fast a password can be cracked
- Taking over LinkedIn accounts via unused email addresses
- Analysis of Chrysaor malware for Android + second analysis
- Managing F-35 requires lower level of security in IE
- Hacking ATMs via a small hole and serial port
- Computer burglars with 20 years of history
- How is Azerbaijan censoring the internet
- RCE in AlienVault OSSIM / USM
- Iranian attacks on Israeli websites
- Airbnb vulnerability
- Malicious Office files with OLE objects
Did you enjoy this list? You can retweet it and subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – April 15, 2017”