IT Security Weekend Catch Up – August 18, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. The Iraqi spy who infiltrated ISIS
2. Russian hackers targeted Swedish news sites in 2016
3. Russian-backed separatists are using terrifying text messages to shock adversaries
4. FBI warns of ‘unlimited’ ATM cashout blitz
5. Cosmos Bank loses $13.5 million in cyber attack
6. BitConnect: How to lose $3 billion of Bitcoin
7. Hanging up on mobile in the name of security
8. Melbourne teen hacked into Apple’s secure computer network, court told
9. Some 2.6 billion data records exposed in first half of 2018
10. NSW Health medical records abandoned in derelict building
11. Google tracks your movements, like it or not
12. Banks and retailers are tracking how you type, swipe and tap
13. Uber picks N.S.A. veteran to fix troubled security team
14. NSA cracked open encrypted networks of Russian airlines, Al Jazeera
15. Why you need a better handle on the WhatsApp, Signal and Telegram apps
16. U.S. government seeks Facebook help to wiretap Messenger
17. Facebook’s moderation – Hungarian experiences
18. Toronto man sues Facebook $500,000 for ‘anxiety’ related to Cambridge Analytica breach
19. Google boots open source anti-censorship tool from Chrome Store
20. SentinelOne makes YouTube delete Bsides vid ‘cuz it didn’t like the way bugs were reported
21. WikiLeaks’ founder tried to retaliate against hacktivist hero Barrett Brown
22. U.S. Attorney moves to dismiss murder-for-hire charges against Ross Ulbricht
23. LinkedIn hacking suspect refuses to cooperate with his lawyers
24. Second Nigerian sentenced for phishing scam

For the more technical

1. DEF CON 26 presentations
2. Foreshadow: Breaking the virtual memory abstraction with transient out-of-order execution
3. Analysis and mitigation of L1 Terminal Fault (L1TF) + Intel response
4. Backdoor mechanism discovered in VIA C3 x86 processors
5. Hacked satellite systems could launch microwave-like attacks, expert warns (PDF)
6. A clever Android hack takes advantage of sloppy storage
7. Voracle – compression oracle attacks on VPN tunnels
8. Microsoft August 2018 Patch Tuesday
9. Arbitrary, unsigned code execution vector in Microsoft.Workflow.Compiler.exe
10. UAF vulnerability in VBScript engine affects Internet Explorer to run shellcode
11. The problems and promise of WebAssembly
12. The dangers of key reuse: Practical attacks on IPsec IKE (PDF)
13. A bug that affects million users – Kaspersky VPN
14. ICS-CERT warns of critical flaws in NetComm industrial routers
15. Samsung Galaxy S7 smartphones vulnerable to hacking
16. Vulnerable out of the box – an evaluation of Android carrier devices
17. Clickjackings in Google worth 12644.7$
18. Amazon AWS error exposes info on 31,000 GoDaddy servers
19. How I chained 4 bugs into RCE on Amazon Collaboration System
20. Vulnerabilities in fax protocol let hackers infiltrate networks via fax machines
21. New SharePoint phishing attack affects an estimated 10% of Office 365 users
22. New extortion tricks: Now including your (partial) phone number
23. KeyPass ransomware
24. IoT hackers trick Brazilian bank customers into providing sensitive information
25. Necurs targeting banks with PUB file that drops FlawedAmmyy + more information
26. Process Doppelgänging meets Process Hollowing in Osiris dropper
27. Anubis is back: Are you prepared?
28. Malware has no trouble hiding and bypassing macOS user warnings
29. APT10 was managed by the Tianjin bureau of the Chinese Ministry of State Security
30. Chinese cyberespionage originating from Tsinghua University infrastructure
31. Reversing a Japanese wireless SD card
32. Credit card skimmers now need to fear the Reaper (PDF)
33. Low-level hacking NCR ATM
34. De-anonymizing programmers from executable binaries (PDF)
35. Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies (PDF)
36. Mozilla removes 23 Firefox add-ons that snooped on users
37. Google: Expanding our Vulnerability Reward Program to combat platform abuse
38. The new month of Burp pr0n

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.