IT Security Weekend Catch Up – April 30, 2017

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. How Facebook and Google lost $100M
  2. Who is publishing NSA and CIA secrets and why
  3. [PDF] How Facebook fights fake news
  4. Interesting investigation in Google vs Uber case
  5. How is Hungary dealing with the Russian threat
  6. Russian carder story
  7. Employee accused of stealing employer’s source code
  8. Interesting news from Silk Road case
  9. How a troll army influences French elections
  10. Hosting company accused of insufficient protection of customer account
  11. Fitbit tracker used in a murder case
  12. Losing the equivalent of the value of your home via a hacked mailbox

For the more technical

  1. Verizon Data Breach Investigations Report 2017
  2. Dell Customer Connect privilege escalation
  3. SquirrelMail RCE
  4. GhostScript RCE (used to hack HipChat)
  5. OS X malware intercepts SSL connections
  6. Hundreds of apps open ports on smartphones
  7. WikiLeaks reveals CIA watermarking tool
  8. Insufficient SNMP authentication on many router models
  9. VM escape based on QEMU
  10. Detailed analysis of a campaign against Israeli companies
  11. How malware authors try to test their solutions
  12. [PDF] Internet fraud campaign report
  13. Critical Zabbix vulnerabilities
  14. [PDF] New tricks used by APT28
  15. Technical analysis of APT28’s new tricks
  16. Summary of APT attacks in Q1 2017
  17. Symantec answers Google
  18. Analysis of an allegedly secure email device
  19. Customer data leaked from secure phone company
  20. Extracting text messages from Google accounts
  21. Extracting location history from Google accounts
  22. Wordlists sorted by probability
  23. Two botnets fighting over modems of one ISP
  24. Control Flow Integrity implementation
  25. Attacking Control Flow Guard
  26. Auditing code for crypto flaws
  27. How was FlexiSpy hacked
  28. FlexiSpy app analysis: part 1, part 2
  29. Report on exploit use in real world attacks
  30. Elevation of privilege in Realtek audio driver
  31. Cloning car key signal
  32. FIN7 campaign analysis
  33. Hacking criminal infrastructure
  34. How was OWASP TOP 10 manipulated
  35. Authentication bypass in WD My Cloud
  36. Collection of PoC for multiple CVEs
  37. YubiKey user guide
  38. VMWare RCE
  39. Hyper-V vulnerabilities
  40. Tracking pixels used in real world attacks
  41. Personalized spam and phishing
  42. How cybercriminals communicate
  43. Analysis of Java malware campaign
  44. Locky campaign analysis
  45. Analysis of a large spam campaign
  46. XPan ransomware analysis
  47. Necurs botnet analysis
  48. Hajime botnet analysis
  49. Webroot removed key Window files
  50. RCE in IrfanView plugin
  51. Analysis of a malicious app attacking Facebook accounts
  52. Rig EK shellcode analysis
  53. Tunnelling C&C communications via DNS
  54. [PDF] Attacks against IT service providers

Did you enjoy this list? You can retweet it and subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *