Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! Newsletter: Making passwords simple (PDF)
- Facebook demanding some new users’ email passwords
- Two more cases of third-party Facebook app data exposure
- Facebook let dozens of cybercrime groups operate in plain sight
- The CIA campaign to steal Apple's secrets
- American hackers helped UAE spy on Al Jazeera chairman, BBC host
- Family finds hidden camera livestreaming from their Airbnb in Ireland
- How I eat for free in NYC using Python, automation, artificial intelligence, and Instagram
- Bayer contains cyber attack it says bore Chinese hallmarks
- Michigan medical practice folds after ransomware attack
- Canadian police raid ‘Orcus RAT’ author
- Alleged chief of Romanian ATM skimming gang arrested in Mexico
- Mark Karpelès, former head of Mt. Gox, gets suspended sentence
- Crypto exchange Bithumb hacked for $13 million in suspected insider job
- Microsoft Bounty Program updates: Faster bounty review, faster payments, and higher rewards
For the more technical
- Microsoft Edge and Internet Explorer zero-days allow access to confidential session data
- A window of opportunity: exploiting a Chrome 1day vulnerability + PoC
- VMware fixes critical vulnerabilities in ESXi, Workstation and Fusion
- Code execution, DoS flaws patched in Advantech WebAccess
- Poor Cisco fixes and Korean 0-days
- CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation
- Analysis of a VB Script heap overflow (CVE-2019-0666)
- How I discovered an easter egg in Android's security and didn't land a job at Google
- Vulnerability in Xiaomi pre-installed security app
- Backdoor code found in popular Bootstrap-Sass Ruby library
- Subverting Electron apps via insecure preload
- Ongoing DNS hijacking campaign targeting consumer routers
- Security alert: pipdig insecure, DDoSing competitors
- Plugin vulnerabilities exploited in traffic monetization schemes
- Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101
- Multiple vulnerabilities in GOG Galaxy Games
- Skype bug automatically answers calls on Android
- Malware in smart factories: Top security threats to manufacturing environments
- Beware of stalkerware. Research on commercial surveillance software
- How cybercriminals use popular TV shows to spread malware
- A one-two punch of Emotet, TrickBot, & Ryuk stealing & ransoming data
- IcedID banking trojan spruces up injection tactics to add stealth
- Ursnif - a polymorphic delivery mechanism explained
- Bashlite IoT malware updated with mining and backdoor commands, targets WeMo devices
- What you see is not what you get: when homographs attack
- Guide to phishing
- DNS remote ping scans via open resolvers
- Over 13K iSCSI storage clusters left exposed online without a password
- Should you be concerned about LastPass uploading your passwords to its server?
- An unsecured server provided a rare insight to see exactly how a massive spam operation worked
- Intercepting a FIN6 intrusion, an actor recently tied to Ryuk and LockerGoga ransomware
- Cloudflare is adding a free VPN to its 1.1.1.1 app
- CommandoVM - a fully customized distribution for penetration testing and red teaming
- Password checkup: from 0 to 650,000 users in 20 days
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.