IT Security Weekend Catch Up – April 28, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Which country would win in the programming olympics?
  2. Some internet outages predicted for the coming month as ‘768k Day’ approaches
  3. Facial recognition creeps up on a JetBlue passenger and she hates it
  4. Wi-Fi hotspot finder spills 2 million passwords
  5. Docker Hub database hack exposes sensitive data of 190k users
  6. Hacker dumps thousands of sensitive Mexican embassy documents online
  7. Nokia 9 buggy update lets anyone bypass fingerprint scanner with a pack of gum
  8. Computer attack knocks Weather Channel off the air
  9. BEC fraud losses grew to $1.3 billion in 2018
  10. Some Amazon sellers are paying $10,000 a month to trick their way to the top
  11. How a telescope forum feud ended with prison time
  12. The feds are dropping child porn cases instead of revealing info on their surveillance systems
  13. Fake carrier scam: 6 arrested in Romania and the Netherlands

For the more technical

  1. Attackers are weaponizing more vulnerabilities than ever before
  2. New Oracle WebLogic zero-day discovered in the wild + security update
  3. OAMBuster – multithreaded exploit for CVE-2018-2879
  4. Oracle, Gemalto downplay Java Card vulnerabilities
  5. Zero-day XML External Entity (XXE) injection vulnerability in Internet Explorer
  6. On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624)
  7. Gaining access to card data using the Windows domain to bypass firewalls
  8. Security flaw lets attackers recover private keys from Qualcomm chips
  9. Multiple vulnerabilities in Sierra Wireless AirLink ES450
  10. Auditing Foxit Reader’s PDF Printer for an elevation of privilege
  11. Symantec Endpoint Protection kernel memory information disclosure vulnerability
  12. Uncovering CVE-2019-0232: A remote code execution vulnerability in Apache Tomcat
  13. Exploits in the wild for WordPress Social Warfare plugin CVE-2019-9978
  14. Stealing Bear notes with URL schemes
  15. Facebook’s burglary shopping list
  16. P2P weakness exposes millions of IoT devices
  17. Hacker finds he can remotely kill car engines after breaking into GPS tracking apps
  18. DNSpionage brings out the Karkoff
  19. DNS based threat hunting and DoH (DNS over HTTPS)
  20. Getting in the zone: dumping Active Directory DNS using adidnsdump
  21. How to use the wayback machine to find interesting paths and vulnerabilities on a website
  22. Steps to Recovery addiction treatment center leaking PII
  23. GoDaddy removes a massive network of bogus sales sites
  24. Cyber-Telecom Crime Report 2019
  25. Hacking (back) and influence operations
  26. Russia’s Bitcoin hacking funds
  27. The Russian shadow in Eastern Europe: Ukrainian MOD campaign
  28. FINTEAM: Trojanized TeamViewer against government targets
  29. Operation ShadowHammer: a high-profile supply chain attack
  30. Lazarus APT targets Mac users with poisoned Word document
  31. Threat actor TA505 targets financial enterprises using LOLBins and a new backdoor malware
  32. ‘Silence’ cybercrime gang targets banks in more regions
  33. JasperLoader emerges, targets Italy with Gootkit banking trojan
  34. Emotet gang distributes first Japanese campaign
  35. Emotet adds new evasion technique and uses connected devices as proxy C&C servers
  36. Continuing the CARBANAK source code analysis – part 1, 2, 3 & 4
  37. A malicious sight in Google Sites
  38. Wipro intruders targeted other major IT firms
  39. Who’s behind the RevCode WebMonitor RAT?
  40. AESDDoS botnet malware exploits CVE-2019-3396 to perform remote code execution, DDoS attacks
  41. Analyzing C/C++ runtime library code tampering in software supply chain attacks
  42. Android application diffing: Engine overview
  43. Android apps on Google Play Store come with nasty surprise
  44. Google is banning a Play Store developer with more than half a billion app installs
  45. The Android platform security model
  46. Google bans logins from embedded browser frameworks to prevent MitM phishing + more information
  47. Banking-grade credential stuffing: The futility of partial password validation
  48. You lost your second authentication factor. Now what?
  49. A bootable flash drive to extract encrypted volume keys, break full-disk encryption

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
