Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- The Iraqi spy who infiltrated ISIS
- Russian hackers targeted Swedish news sites in 2016
- Russian-backed separatists are using terrifying text messages to shock adversaries
- FBI warns of ‘unlimited’ ATM cashout blitz
- Cosmos Bank loses $13.5 million in cyber attack
- BitConnect: How to lose $3 billion of Bitcoin
- Hanging up on mobile in the name of security
- Melbourne teen hacked into Apple’s secure computer network, court told
- Some 2.6 billion data records exposed in first half of 2018
- NSW Health medical records abandoned in derelict building
- Google tracks your movements, like it or not
- Banks and retailers are tracking how you type, swipe and tap
- Uber picks N.S.A. veteran to fix troubled security team
- NSA cracked open encrypted networks of Russian airlines, Al Jazeera
- Why you need a better handle on the WhatsApp, Signal and Telegram apps
- U.S. government seeks Facebook help to wiretap Messenger
- Facebook’s moderation – Hungarian experiences
- Toronto man sues Facebook $500,000 for ‘anxiety’ related to Cambridge Analytica breach
- Google boots open source anti-censorship tool from Chrome Store
- SentinelOne makes YouTube delete Bsides vid ‘cuz it didn’t like the way bugs were reported
- WikiLeaks’ founder tried to retaliate against hacktivist hero Barrett Brown
- U.S. Attorney moves to dismiss murder-for-hire charges against Ross Ulbricht
- LinkedIn hacking suspect refuses to cooperate with his lawyers
- Second Nigerian sentenced for phishing scam
For the more technical
- DEF CON 26 presentations
- Foreshadow: Breaking the virtual memory abstraction with transient out-of-order execution
- Analysis and mitigation of L1 Terminal Fault (L1TF) + Intel response
- Backdoor mechanism discovered in VIA C3 x86 processors
- Hacked satellite systems could launch microwave-like attacks, expert warns (PDF)
- A clever Android hack takes advantage of sloppy storage
- Voracle – compression oracle attacks on VPN tunnels
- Microsoft August 2018 Patch Tuesday
- Arbitrary, unsigned code execution vector in Microsoft.Workflow.Compiler.exe
- UAF vulnerability in VBScript engine affects Internet Explorer to run shellcode
- The problems and promise of WebAssembly
- The dangers of key reuse: Practical attacks on IPsec IKE (PDF)
- A bug that affects million users – Kaspersky VPN
- ICS-CERT warns of critical flaws in NetComm industrial routers
- Samsung Galaxy S7 smartphones vulnerable to hacking
- Vulnerable out of the box – an evaluation of Android carrier devices
- Clickjackings in Google worth 12644.7$
- Amazon AWS error exposes info on 31,000 GoDaddy servers
- How I chained 4 bugs into RCE on Amazon Collaboration System
- Vulnerabilities in fax protocol let hackers infiltrate networks via fax machines
- New SharePoint phishing attack affects an estimated 10% of Office 365 users
- New extortion tricks: Now including your (partial) phone number
- KeyPass ransomware
- IoT hackers trick Brazilian bank customers into providing sensitive information
- Necurs targeting banks with PUB file that drops FlawedAmmyy + more information
- Process Doppelgänging meets Process Hollowing in Osiris dropper
- Anubis is back: Are you prepared?
- Malware has no trouble hiding and bypassing macOS user warnings
- APT10 was managed by the Tianjin bureau of the Chinese Ministry of State Security
- Chinese cyberespionage originating from Tsinghua University infrastructure
- Reversing a Japanese wireless SD card
- Credit card skimmers now need to fear the Reaper (PDF)
- Low-level hacking NCR ATM
- De-anonymizing programmers from executable binaries (PDF)
- Who left open the cookie jar? A comprehensive evaluation of third-party cookie policies (PDF)
- Mozilla removes 23 Firefox add-ons that snooped on users
- Google: Expanding our Vulnerability Reward Program to combat platform abuse
- The new month of Burp pr0n
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – August 18, 2018”