IT Security Weekend Catch Up – April 29, 2018

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We'll try to keep it alive!

For the less technical

1. Real people are turning their accounts into bots on Instagram
2. Gmail users receive mysterious spam messages from themselves
3. Claims by Joy Reid’s cybersecurity expert fall apart
4. F.A.K.E. Security - exposing the snake-oil salesmen
5. RSA conference app leaks user data
6. Ex-employee Sun Trust helps compromise 1.5 million bank clients
7. DDoS-for-hire service Webstresser dismantled
8. Ransomware infects Ukraine energy ministry website
9. China cyberspies mined Japanese firms for North Korean secrets
10. US urged to act immediately to save its systems from the ‘growing threat of Chinese cyber theft’
11. Security experts hacked an electronic lock system used by hotels worldwide
12. We don’t know what to do if a satellite gets hacked
13. A screenshot API used to mining cryptocurrencies

For the more technical

1. Google's Project Zero exposes unpatched Windows 10 lockdown bypass + technical description
2. Vulnerabilities in Rockwell Automation industrial networking solutions
3. Firms using WebEx at risk of poisoned Flash attacks
4. LinkedIn AutoFill exposed visitor name, email to third-party websites
5. Another critical Drupal flaw discovered
6. Keeping Drupal sites safe with Cloudflare's WAF
7. Breaking bad to make good: Firefox CVE-2017–7843
8. WD My Cloud EX2 serves your files to anyone + more information
9. Milestone XProtect .NET deserialization vulnerability
10. Volkswagen Group models vulnerable to hackers
11. The “unpatchable” exploit that makes every current Nintendo Switch hackable
12. D-Link router riddled with vulnerability
13. HooToo TripMate routers are cute but insecure
14. A new MikroTik RouterOS vulnerability
15. Beware the tech support scam
16. NTLM credentials theft via PDF files
17. VMware escape by two bugs in 1 second
18. Establishing a baseline for Remote Desktop Protocol
19. Lateral attacks between IoT devices
20. Exploit/bypass PHP escapeshellarg/escapeshellcmd functions
21. Running system commands through Nvidia signed binaries
22. Escalating privileges with ACLs in Active Directory
23. About 1.5 million hotel reservation records leaked through a simple newsletter system
24. Zebrocy heavily used by the Sednit/APT28 group
25. New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
26. Energetic Bear/Crouching Yeti: attacks on servers
27. GravityRAT - the two-year evolution of an APT targeting India
28. Attackers fake computational power to steal cryptocurrencies from mining pools
29. New hacks siphon private cryptocurrency keys from airgapped wallets (PDF)
30. BGP leaks and cryptocurrencies
31. Malicious calculator app adds up Bitvote coins in cryptomining scheme
32. True scale of Bitcoin ransomware extortion revealed
33. Satan ransomware adds EternalBlue exploit
34. Russian “Troldesh” AKA Encoder.858 or Shade is back
35. Necurs evolves to evade spam detection via Internet shortcut file
36. Metamorfo campaigns targeting Brazilian users
37. WebMonitor RAT comes with Command and Control as a Service (C2aaS)
38. XLoader Android spyware and banking trojan distributed via DNS spoofing
39. Report on the global proliferation of Netsweeper
40. Introducing Windows Defender System Guard runtime attestation
41. A tool to help assess the security of Azure Cloud environment subscriptions
42. First glance on OS VRP by Huawei
43. Enhancing Pwned Passwords privacy by exclusively supporting anonymity
44. It’s impossible to prove your laptop hasn’t been hacked

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.