Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- What does GDPR mean for mobile app owners
- Chinese government forces residents to install surveillance app with awful security
- Russian court bans Telegram app
- Don’t give away historic details about yourself
- Malware scanning services containers for sensitive business information
- Facebook is offering a $40,000 bounty if you find the next Cambridge Analytica + more information
- Bug hunters: The hackers earning big bucks… ethically
- Illegal network used smurfing to launder more than EUR 8 million from drug trafficking
- Botched upgrade at Belgian bank Argenta sparks phishing frenzy
- $3.3 million stolen from Coinsecure bitcoin exchange
- Microsoft Engineer charged in Reveton ransomware case
- Four out of rive ransomware victims would pay the ransom again
- UK launched cyber-attack on Islamic State
- Mauritania was taken offline for two days, and no one knows why
- Russia has figured out how to jam U.S. drones in Syria
- Aviation industry may be vulnerable to cyberattack through its global supply chain
- A software glitch in a Kansas jail temporarily gave the suspect Internet access
- WhatsApp photo drug dealer caught by ‘groundbreaking’ work
- Hackers deface world’s most-viewed YouTube video
- U.S. to seek social media details from all visa applicants
- Digital propaganda or ‘normal’ political polarization? Case study of political debate on Polish Twitter
- Eighteenth century english mail hacks
For the more technical
- The dots do matter: how to scam a Gmail user
- FakeUpdates campaign leverages multiple website platforms
- Uncovering Drupalgeddon 2 + PoC based CheckPoint article
- WordPress hacked site – forensics report
- Over 65,000 home routers are proxying bad traffic for botnets, APTs
- APT Trends report Q1 2018
- Operation Parliament, who is doing what?
- Server Side Request Forgery to NIPRNet access
- DigitalOcean blocks VestaCP port due to active exploit
- CyberArk Password Vault Web Access remote code execution
- RCE with Spring Data Commons
- Compromising OpenDrive’s cloud storage accounts
- Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected
- Schneider Electric patches 16 flaws in building automation software
- SAP patches critical flaws in Business Client
- Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router
- Signal bypass screen locker
- Researchers discovered several flaws that expose electrical substations to hack + more information
- Flaw exposes cities’ emergency alert sirens to hackers
- Linux open source utility Beep is affected by several vulnerabilities
- Microsoft Office tops the exploit charts
- From analyzing CVE-2017-0263 to investigating Menu Management Component
- Microsoft April 2018 Patch Tuesday
- Automatically stealing password hashes with Microsoft Outlook and OLE
- Adobe security update summary
- OPCDE 2018 Cyber Security Conference material
- New WebAuthn standard will attempt to eliminate passwords
- Web Authentication specification + additional technical documentation
- Google is testing self-destructing emails in new Gmail
- Snallygaster – a tool to scan for secrets on web servers
- Data exfiltrators send info over PCs’ power supply cables (PDF)
- WhatsApp Web reverse engineered
- The hunt for GHOSTHUNTER
- High Sierra, Avast and Metasploit
- Breaking RSA OAEP with Manger’s attack
- Facebook GraphQL CSRF
- Routing attacks on Internet services
- Atsamaz Gatsoev (1ms0rry) malware business
- PUBG Ransomware decrypts your files if you play PlayerUnknown’s Battlegrounds
- Maktub ransomware: possibly rebranded as Iron
- Business-critical systems increasingly hit by ransomware: Verizon 2018 DBIR
- RadRAT: An all-in-one toolkit for complex espionage ops
- EITest: Sinkholing the oldest infection chain
- IcedID banking trojan teams up with Ursnif/Dreambot for distribution
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – April 15, 2018”