Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Facebook moves 1.5bn users out of reach of new European privacy law + more information
- Deleted Facebook cybercrime groups had 300,000 members
- UK GCHQ spy agency warns telcos of the risks of using ZTE equipment and services
- Loud sound from fire alarm system shuts down Nasdaq’s data center
- Teen charged in Nova Scotia government breach says he had ‘no malicious intent’
- Bitcoin heist suspect reportedly walked out of low-security prison, onto flight
- Woman who hacked airline network busted through VPN logs
- The mystery hacker who stole data on 168 million people
- Hackers once stole a casino’s high-roller database through a thermometer in the lobby fish tank
- Hamas-linked spyware targeting Palestinians removed from Google Play store
- Apple might be trying to hinder GrayKey, the popular iPhone-unlocking device for cops
- A sobering look at fake online reviews
- Let’s stop talking about password strength
For the more technical
- Ransomware XIAOBA repurposed as file infector and cryptocurrency miner
- Tens of thousands of Facebook accounts compromised in days by malware
- Hacking group in Brazil targets IoT devices with malware
- Decoding network data from a Gh0st RAT variant
- The increasing affordability of Crimeware as a Service
- Q1 2018 results: Gozi (Ursnif) takes larger piece of the pie
- PBot: a Python-based adware
- Recent findings from CCleaner APT investigation
- Minecraft players exposed to malicious code in modified “skins”
- PowerHammer: Exfiltrating data from air-gapped computers through power lines (PDF)
- Over 20,000,000 of Chrome users are victims of fake ad blockers
- Roaming Mantis uses DNS hijacking to infect Android smartphones
- Google explains new Private DNS setting in Android P
- Opera VPN app to be permanently discontinued as of April 30th, 2018
- How Android phones hide missed security updates from you
- Oracle Critical Patch Update for April 2018
- What harm can come from missing 59,000 vulnerabilities?
- Apple Safari – Wasm section exploit (PDF)
- Drupalgeddon2 exploit added to Metasploit
- Drupalgeddon2 – an analysis of payloads observed in the wild + additional information
- CKEditor 4.9.2 with a security patch released
- A flaw could allow easy hack of LG Network-attached storage devices
- Device vulnerabilities in the connected home
- Foscam IP video camera firmware recovery unsigned image vulnerability
- Cisco has patched WebEx & UCS
- Critical vulnerabilities in Schneider Electric industrial solutions
- Rockwell Automation switches exposed to attacks
- Malicious activities with Google Tag Manager
- Whatsapp user’s IP disclosure with Link Preview feature
- Third-party trackers abuse Facebook Login
- Multiple million-plus-follower Instagram influencers report hacking
- LinkedIn fixes AutoFill button that allowed rogue harvesting of user data
- Guild Wars 2 monitored all running process in order to ban users
- Russian state-sponsored cyber actors targeting network infrastructure devices + more information
- Gold Galleon hacking group plunders shipping industry
- How a private intelligence platform leaked 48 million personal data records
- How crackers ransack passwords like “qeadzcwrsfxv1331”
- Browser password and passphrase generator audit
- Sitting with the cyber-sleuths who track cryptocurrency criminals
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – April 21, 2018”