IT Security Weekend Catch Up – August 17, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. 2019 Pwnie Award winners
  2. Microsoft’s Windows Defender is now one of the best antivirus apps in the world
  3. Understanding why phishing attacks are so effective and how to mitigate them
  4. US files lawsuit against Bitcoin exchange that helped launder ransomware profits
  5. Apple seeks to shut down Corellium’s ‘perfect replicas’ of iOS
  6. Second Life is plagued by security flaws, ex-employee says
  7. Major breach found in biometrics system used by banks, UK police and defence firms
  8. High-security locks for government and banks hacked by researcher
  9. Never-Googlers: Web users take the ultimate step to guard their data

For the more technical

  1. The first issue of Paged Out! (PDF)
  2. Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
  3. Microsoft’s August 2019 Patch Tuesday fixes 93 vulnerabilities
  4. Windows CTF flaws enable attackers to fully compromise systems
  5. New Dragonblood vulnerabilities found in WiFi WPA3 standard
  6. KNOB Attack: Breaking Bluetooth security
  7. Gaining code execution using a malicious SQLite database
  8. Screwed drivers – signed, sealed, delivered
  9. Huge survey of firmware finds no security gains in 15 years
  10. New HTTP/2 flaws expose unpatched web servers to DoS attacks
  11. Spying on HTTPS
  12. Threat hunting using DNS firewalls and data enrichment
  13. Kasper-Spy: Kaspersky Anti-Virus puts users at risk
  14. Canon DSLR camera infected with ransomware over the air
  15. A remote-start app exposed thousands of cars to hackers
  16. Investigating CAN bus network integrity in avionics systems
  17. Cerberus – a new banking trojan from the underworld
  18. Gootkit banking trojan – deep dive into anti-analysis features
  19. The curious case of a fileless TrickBot infection
  20. LokiBot gains new persistence mechanism, uses steganography to hide its tracks
  21. New Remcos RAT arrives via phishing email
  22. The Hidden Bee infection chain: the stegano pack
  23. Malware naming Hell: taming the mess of AV detection names
  24. Recent Cloud Atlas activity
  25. Keeping a hidden identity: Mirai C&Cs in Tor network
  26. Inside malware markets: current trends and competitive forces
  27. Malvertising: Online advertising’s darker side
  28. Adware posing as 85 photography and gaming apps on Google Play installed over 8 million times
  29. Phishing campaigns imitating CEOs bypass Microsoft Gateway to target energy sector
  30. 100% JavaScript phishing page
  31. The good, the bad and the non-functional, or “how not to do an attack campaign”
  32. Confidential company documents exposed in public sandboxes
  33. How Facebook catches bugs in its 100 million lines of code
  34. Showing vulnerability to a machine: automated prioritization of software vulnerabilities
  35. From email to phone number, a new OSINT approach
  36. Username (and password) free login with security keys
  37. Google will now let Android users log in to some services without a password + more information
  38. New Research: Lessons from Password Checkup in action
  39. Reversing an Oppo ozip encryption key from encrypted firmware
  40. Extended mobile forensics: analyzing desktop computers
  41. These legit-looking iPhone lightning cables will hijack your computer
  42. Making it Rain shells in Kubernetes
  43. Commando VM 2.0: Customization, containers, and Kali

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *