Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- How three conspiracy theorists took ‘Q’ and sparked Qanon
- Mind games: Russia updates an old tactic
- How Russia’s war in Georgia sparked Moscow’s modern-day recruitment of criminal hackers
- Meet ‘Intrusion Truth’, the mysterious group doxing Chinese intel hackers
- Website promised free anti-antifa shirts. Alt-right signed up. It was a trap
- Inside Facebook’s struggle to moderate two billion people
- An undiscovered Facebook bug made me think I was hacked
- Crowdsourcing the hunt for software bugs is a booming business – and a risky one
- Superdrug hack: Data thieves claim to have information on 20,000 customers
- Animoto hack exposes personal information, location data
- Sexual assault victim’s medical records given to wrong person
- Apple forces Facebook VPN app out of iOS store for stealing users’ data
- Sydney airport seizure of phone and laptop ‘alarming’, say privacy groups
- FBI probing cyber attack on congressional campaign in California
- Two arrested for allegedly spying for Iran in U.S.
- The man who solved Bitcoin’s most notorious heist
- Ar3s avoids lengthy prison term after cooperating with authorities
- Alleged SIM swapper arrested in California + more information
- Prenda lawyer pleads guilty in Pirate Bay honeypot case
- Stolen Android anti-piracy software dumped on Github
For the more technical
- OpenSSH user enumeration vulnerability
- How I hacked BlackHat 2018
- Multi-factor mixup: Who were you again?
- New “Turning Tables” technique bypasses all Windows kernel mitigations (PDF)
- Which of the OWASP Top 10 caused the world’s biggest data breaches?
- Critical remote code execution vulnerability in Apache Struts
- Remote code execution on a Facebook server
- No patch available yet for new major vulnerability in Ghostscript interpreter
- Phishing for files with Airmail 3 for Mac
- Malicious faxes leave firms ‘open’ to cyber-attack (PDF)
- VORACLE attack can recover HTTP data from VPN connections
- Subdomain takeover: Finding candidates
- Hacking law firms with abandoned domain names
- How Cloudflare protects customers from cache poisoning
- Google tracks you even if location history’s off. Here’s how to stop it
- Fortnite installer allowed hackers to download anything on your Android phone
- IoT hijackers lead victims to bogus Banco de Brasil website
- BackSwap malware now targets six banks in Spain
- Bank malspam revisited + more information
- Microsoft Publisher files delivering malware
- Interesting hidden threat since years?
- Turla: In and out of its unique Outlook backdoor (PDF)
- Picking apart Remcos botnet-in-a-box
- Iranian influence operation leverages network of inauthentic news sites & social media
- An update on state-sponsored activity
- Cobalt Dickens targets universities
- Lazarus hits cryptocurrency exchange with fake installer and macOS malware
- New wave of Mirai leverages open-source project for cross platform infection technique
- Ryuk ransomware: A targeted campaign break-down
- Princeton University researchers: Causing power outages with IoT botnet (PDF)
- Rapid7 Quarterly Threat Report: 2018 Q2
- We are taking new steps against broadening threats to democracy
- A study of ReDoS vulnerabilities in JavaScript-based web servers (PDF)
- Singularity of Origin: A DNS Rebinding attack framework
- Clone your finger – bypassing TouchID
- A look into Signal’s encrypted profiles
- Reverse engineering Mortal Kombat GRA file format
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – August 25, 2018”