IT Security Weekend Catch Up – August 23, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Apple, Google, and Mozilla block Kazakhstan’s HTTPS intercepting certificate
  2. Google wants to reduce lifespan for HTTPS certificates to one year
  3. Announcing the Microsoft Edge Insider Bounty
  4. Microsoft contractors listened to Xbox owners in their homes
  5. Man sued for using bogus YouTube takedowns to get address for swatting
  6. The rise of “bulletproof” residential networks
  7. Ransomware strike takes down 23 Texas local government agencies
  8. Employees connect nuclear plant to the internet so they can mine cryptocurrency
  9. Breach at Hy-Vee supermarket chain tied to sale of 5 million stolen credit, debit cards

For the more technical

  1. Backdoor code found in Ruby libraries
  2. npm pulls malicious package that stole login passwords
  3. Removing profile pictures for any Facebook user
  4. Webmin 0day remote code execution
  5. CVE-2019-12527: Code execution on Squid proxy through a buffer overflow
  6. Kubernetes vulnerable to DoS attacks
  7. Hacker releases first public jailbreak for up-to-date iPhones in years
  8. Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
  9. Cisco warns of public exploit code for critical switch flaws
  10. Cross-router covert channels (PDF)
  11. Multiple critical vulnerabilities in Adobe Photoshop
  12. Multiple vulnerabilities found in VLC Media Player
  13. Researcher publishes second Steam zero day after getting banned on Valve’s bug bounty program
  14. BitDefender Antivirus Free 2020 found vulnerable
  15. State of application security at top 100 global fintech startups
  16. IT threat evolution Q2 2019 + statistics
  17. Finding Neutrino: A large malware campaign ongoing since 2013
  18. Uncovering a MyKings variant with bootloader persistence
  19. Open source ransomware targets Fortnite users
  20. Asruex backdoor variant infects Word documents and PDFs through old MS Office and Adobe vulnerabilities
  21. First‑of‑its‑kind spyware sneaks into Google Play
  22. Banking trojan Bolik spreads disguised as the NordVPN app
  23. Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”
  24. [VIDEO] hacker:HUNTER – a free documentary about the hunt for the Carbanak group
  25. Magecart criminals caught stealing with their poker face on
  26. New phishing campaign bypasses Microsoft ATP to deliver Adwind to utilities industry
  27. Evolving phishing attacks targeting journalists and human rights defenders from the Middle-East and North Africa
  28. Microsoft warns of phishing attacks using custom 404 pages
  29. How attackers can harvest users’ Microsoft 365 credentials with new phishing campaign
  30. A study of bandwidth denial-of-service attacks against Tor (PDF)
  31. Hunting the public cloud for exposed hosts and misconfigurations
  32. Coinbase: A closer look at a password storage issue affecting 3,420 customers
  33. Data breach in adult site compromises privacy of all users
  34. Newly registered domains: Malicious abuse by bad actors

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *