IT Security Weekend Catch Up – April 29, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!

For the less technical

  1. Real people are turning their accounts into bots on Instagram
  2. Gmail users receive mysterious spam messages from themselves
  3. Claims by Joy Reid’s cybersecurity expert fall apart
  4. F.A.K.E. Security – exposing the snake-oil salesmen
  5. RSA conference app leaks user data
  6. Ex-employee Sun Trust helps compromise 1.5 million bank clients
  7. DDoS-for-hire service Webstresser dismantled
  8. Ransomware infects Ukraine energy ministry website
  9. China cyberspies mined Japanese firms for North Korean secrets
  10. US urged to act immediately to save its systems from the ‘growing threat of Chinese cyber theft’
  11. Security experts hacked an electronic lock system used by hotels worldwide
  12. We don’t know what to do if a satellite gets hacked
  13. A screenshot API used to mining cryptocurrencies

For the more technical

  1. Google’s Project Zero exposes unpatched Windows 10 lockdown bypass + technical description
  2. Vulnerabilities in Rockwell Automation industrial networking solutions
  3. Firms using WebEx at risk of poisoned Flash attacks
  4. LinkedIn AutoFill exposed visitor name, email to third-party websites
  5. Another critical Drupal flaw discovered
  6. Keeping Drupal sites safe with Cloudflare’s WAF
  7. Breaking bad to make good: Firefox CVE-2017–7843
  8. WD My Cloud EX2 serves your files to anyone + more information
  9. Milestone XProtect .NET deserialization vulnerability
  10. Volkswagen Group models vulnerable to hackers
  11. The “unpatchable” exploit that makes every current Nintendo Switch hackable
  12. D-Link router riddled with vulnerability
  13. HooToo TripMate routers are cute but insecure
  14. A new MikroTik RouterOS vulnerability
  15. Beware the tech support scam
  16. NTLM credentials theft via PDF files
  17. VMware escape by two bugs in 1 second
  18. Establishing a baseline for Remote Desktop Protocol
  19. Lateral attacks between IoT devices
  20. Exploit/bypass PHP escapeshellarg/escapeshellcmd functions
  21. Running system commands through Nvidia signed binaries
  22. Escalating privileges with ACLs in Active Directory
  23. About 1.5 million hotel reservation records leaked through a simple newsletter system
  24. Zebrocy heavily used by the Sednit/APT28 group
  25. New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
  26. Energetic Bear/Crouching Yeti: attacks on servers
  27. GravityRAT – the two-year evolution of an APT targeting India
  28. Attackers fake computational power to steal cryptocurrencies from mining pools
  29. New hacks siphon private cryptocurrency keys from airgapped wallets (PDF)
  30. BGP leaks and cryptocurrencies
  31. Malicious calculator app adds up Bitvote coins in cryptomining scheme
  32. True scale of Bitcoin ransomware extortion revealed
  33. Satan ransomware adds EternalBlue exploit
  34. Russian “Troldesh” AKA Encoder.858 or Shade is back
  35. Necurs evolves to evade spam detection via Internet shortcut file
  36. Metamorfo campaigns targeting Brazilian users
  37. WebMonitor RAT comes with Command and Control as a Service (C2aaS)
  38. XLoader Android spyware and banking trojan distributed via DNS spoofing
  39. Report on the global proliferation of Netsweeper
  40. Introducing Windows Defender System Guard runtime attestation
  41. A tool to help assess the security of Azure Cloud environment subscriptions
  42. First glance on OS VRP by Huawei
  43. Enhancing Pwned Passwords privacy by exclusively supporting anonymity
  44. It’s impossible to prove your laptop hasn’t been hacked

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *