IT Security Weekend Catch Up – April 6, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! Newsletter: Making passwords simple (PDF)
  2. Facebook demanding some new users’ email passwords
  3. Two more cases of third-party Facebook app data exposure
  4. Facebook let dozens of cybercrime groups operate in plain sight
  5. The CIA campaign to steal Apple’s secrets
  6. American hackers helped UAE spy on Al Jazeera chairman, BBC host
  7. Family finds hidden camera livestreaming from their Airbnb in Ireland
  8. How I eat for free in NYC using Python, automation, artificial intelligence, and Instagram
  9. Bayer contains cyber attack it says bore Chinese hallmarks
  10. Michigan medical practice folds after ransomware attack
  11. Canadian police raid ‘Orcus RAT’ author
  12. Alleged chief of Romanian ATM skimming gang arrested in Mexico
  13. Mark Karpelès, former head of Mt. Gox, gets suspended sentence
  14. Crypto exchange Bithumb hacked for $13 million in suspected insider job
  15. Microsoft Bounty Program updates: Faster bounty review, faster payments, and higher rewards

For the more technical

  1. Microsoft Edge and Internet Explorer zero-days allow access to confidential session data
  2. A window of opportunity: exploiting a Chrome 1day vulnerability + PoC
  3. VMware fixes critical vulnerabilities in ESXi, Workstation and Fusion
  4. Code execution, DoS flaws patched in Advantech WebAccess
  5. Poor Cisco fixes and Korean 0-days
  6. CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation
  7. Analysis of a VB Script heap overflow (CVE-2019-0666)
  8. How I discovered an easter egg in Android’s security and didn’t land a job at Google
  9. Vulnerability in Xiaomi pre-installed security app
  10. Backdoor code found in popular Bootstrap-Sass Ruby library
  11. Subverting Electron apps via insecure preload
  12. Ongoing DNS hijacking campaign targeting consumer routers
  13. Security alert: pipdig insecure, DDoSing competitors
  14. Plugin vulnerabilities exploited in traffic monetization schemes
  15. Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
  16. Multiple vulnerabilities in GOG Galaxy Games
  17. Skype bug automatically answers calls on Android
  18. Malware in smart factories: Top security threats to manufacturing environments
  19. Beware of stalkerware. Research on commercial surveillance software
  20. How cybercriminals use popular TV shows to spread malware
  21. A one-two punch of Emotet, TrickBot, & Ryuk stealing & ransoming data
  22. IcedID banking trojan spruces up injection tactics to add stealth
  23. Ursnif – a polymorphic delivery mechanism explained
  24. Bashlite IoT malware updated with mining and backdoor commands, targets WeMo devices
  25. What you see is not what you get: when homographs attack
  26. Guide to phishing
  27. DNS remote ping scans via open resolvers
  28. Over 13K iSCSI storage clusters left exposed online without a password
  29. Should you be concerned about LastPass uploading your passwords to its server?
  30. An unsecured server provided a rare insight to see exactly how a massive spam operation worked
  31. Intercepting a FIN6 intrusion, an actor recently tied to Ryuk and LockerGoga ransomware
  32. Cloudflare is adding a free VPN to its 1.1.1.1 app
  33. CommandoVM – a fully customized distribution for penetration testing and red teaming
  34. Password checkup: from 0 to 650, 000 users in 20 days

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *