IT Security Weekend Catch Up – April 15, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!

For the less technical

  1. What does GDPR mean for mobile app owners
  2. Chinese government forces residents to install surveillance app with awful security
  3. Russian court bans Telegram app
  4. Don’t give away historic details about yourself
  5. Malware scanning services containers for sensitive business information
  6. Facebook is offering a $40,000 bounty if you find the next Cambridge Analytica + more information
  7. Bug hunters: The hackers earning big bucks… ethically
  8. Illegal network used smurfing to launder more than EUR 8 million from drug trafficking
  9. Botched upgrade at Belgian bank Argenta sparks phishing frenzy
  10. $3.3 million stolen from Coinsecure bitcoin exchange
  11. Microsoft Engineer charged in Reveton ransomware case
  12. Four out of rive ransomware victims would pay the ransom again
  13. UK launched cyber-attack on Islamic State
  14. Mauritania was taken offline for two days, and no one knows why
  15. Russia has figured out how to jam U.S. drones in Syria
  16. Aviation industry may be vulnerable to cyberattack through its global supply chain
  17. A software glitch in a Kansas jail temporarily gave the suspect Internet access
  18. WhatsApp photo drug dealer caught by ‘groundbreaking’ work
  19. Hackers deface world’s most-viewed YouTube video
  20. U.S. to seek social media details from all visa applicants
  21. Digital propaganda or ‘normal’ political polarization? Case study of political debate on Polish Twitter
  22. Eighteenth century english mail hacks

For the more technical

  1. The dots do matter: how to scam a Gmail user
  2. FakeUpdates campaign leverages multiple website platforms
  3. Uncovering Drupalgeddon 2 + PoC based CheckPoint article
  4. WordPress hacked site – forensics report
  5. Over 65,000 home routers are proxying bad traffic for botnets, APTs
  6. APT Trends report Q1 2018
  7. Operation Parliament, who is doing what?
  8. Server Side Request Forgery to NIPRNet access
  9. DigitalOcean blocks VestaCP port due to active exploit
  10. CyberArk Password Vault Web Access remote code execution
  11. RCE with Spring Data Commons
  12. Compromising OpenDrive’s cloud storage accounts
  13. Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected
  14. Schneider Electric patches 16 flaws in building automation software
  15. SAP patches critical flaws in Business Client
  16. Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router
  17. Signal bypass screen locker
  18. Researchers discovered several flaws that expose electrical substations to hack + more information
  19. Flaw exposes cities’ emergency alert sirens to hackers
  20. Linux open source utility Beep is affected by several vulnerabilities
  21. Microsoft Office tops the exploit charts
  22. From analyzing CVE-2017-0263 to investigating Menu Management Component
  23. Microsoft April 2018 Patch Tuesday
  24. Automatically stealing password hashes with Microsoft Outlook and OLE
  25. Adobe security update summary
  26. OPCDE 2018 Cyber Security Conference material
  27. New WebAuthn standard will attempt to eliminate passwords
  28. Web Authentication specification + additional technical documentation
  29. Google is testing self-destructing emails in new Gmail
  30. Snallygaster – a tool to scan for secrets on web servers
  31. Data exfiltrators send info over PCs’ power supply cables (PDF)
  32. WhatsApp Web reverse engineered
  33. The hunt for GHOSTHUNTER
  34. High Sierra, Avast and Metasploit
  35. Breaking RSA OAEP with Manger’s attack
  36. Facebook GraphQL CSRF
  37. Routing attacks on Internet services
  38. Atsamaz Gatsoev (1ms0rry) malware business
  39. PUBG Ransomware decrypts your files if you play PlayerUnknown’s Battlegrounds
  40. Maktub ransomware: possibly rebranded as Iron
  41. Business-critical systems increasingly hit by ransomware: Verizon 2018 DBIR
  42. RadRAT: An all-in-one toolkit for complex espionage ops
  43. EITest: Sinkholing the oldest infection chain
  44. IcedID banking trojan teams up with Ursnif/Dreambot for distribution

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *