Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- Delta confirms customers’ information may have been compromised
- Half of European flights delayed due to system failure
- Smugglers in China are going high-tech
- A pickpocket of almost supernatural ability
- One of the largest lottery scams in history
- Malaysian central bank says foiled attempted cyber-heist
- Facebook retracted Zuckerberg’s messages from recipients’ inboxes
- The man who spent $100K to remove a lie from Google
- Three execs get prison time for pirating Oracle firmware patches
- Leaked emails show Russia uses paid thugs to sow dissent and chaos
- Russia asked ISPs to block 13.5 million Amazon IP addresses
- Software bug behind biggest telephony outage in US history
- Cyberattack pings data systems of at least four gas networks
- Why did the world’s largest streaming site suddenly shut down
For the more technical
- Apple’s password problems
- Grindr shares personal information with third-parties
- Panera Bread doesn’t take security seriously + more information
- India’s largest auto transportation company vulnerable to attack
- Compromising ShareFile on-premise via 7 chained vulnerabilities
- Security bugs in EEG software open hospitals to attack + technical description
- New vulnerabilities in Allen Bradley MicroLogix 1400 PLCs
- DoS vulnerability in Siemens SIMATIC products
- A vulnerability in Moxa AWK-3131A industrial wireless access point
- Critical infrastructure at risk: advanced actors target Smart Install client
- Google bug bounty for security exploit that influences search results
- Race to RCE
- Attacking an FTP client
- Microsoft out-of-band security update patches Malware Protection Engine flaw + technical description
- Hacker uses exploit to generate Verge cryptocurrency out of thin air
- Secret Service warns of chip card scheme
- Card data stolen from 5 million Saks Fifth Avenue and Lord & Taylor customers
- Fin7 – the billion-dollar hacking group behind a string of big breaches
- M-Trends 2018 Report
- Hacked Website Trend Report
- Security Patching is Hard – Survey Results 2017
- Pwn0rama – a premium exploit acquisition program
- Details of the Mozilla Pwn2Own exploit
- IcedID banking trojan teams up with Rovnix for distribution
- More than 78,000,000 rubles of Sberbank’s clients are under threat + technical description
- Analysing TrickBot doesn’t have to be tricky
- LockCrypt ransomware: weakness in code can lead to recovery
- njRAT pushes Lime ransomware and Bitcoin wallet stealer
- Fake AV investigation unearths KevDroid, new Android malware
- Hunting down Dofoil with Windows Defender ATP
- A close look at malicious documents – part I & II
- SandiFlux – another Fast Flux infrastructure used in malware distribution emerges
- Reaper group’s updated mobile arsenal
- Lazarus KillDisks Central American casino
- Mirai-variant IoT botnet used to target financial sector
- Backdooring popular Windows plugins
- Cracking Cisco’s Sourcefire licensing system
- Beyond XSS: Edge Side Include Injection
- Invisibly inserting usernames into text with Zero-Width Characters
- Dot-cm typosquatting sites visited 12 million times so far in 2018
- Demystifying advanced logical acquisition
- Google services blocked on uncertified devices
- Tor Project shuts down development of Tor Messenger
- Cloudflare launches 1.1.1.1 privacy-first consumer DNS service + additional information
- PhishProtect Chrome extension
- VirusTotal Droidy – a new Android sandbox
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – April 7, 2018”