Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- How three conspiracy theorists took ‘Q’ and sparked Qanon
- Mind games: Russia updates an old tactic
- How Russia’s war in Georgia sparked Moscow’s modern-day recruitment of criminal hackers
- Meet ‘Intrusion Truth’, the mysterious group doxing Chinese intel hackers
- Website promised free anti-antifa shirts. Alt-right signed up. It was a trap
- Inside Facebook’s struggle to moderate two billion people
- An undiscovered Facebook bug made me think I was hacked
- Crowdsourcing the hunt for software bugs is a booming business – and a risky one
- Superdrug hack: Data thieves claim to have information on 20,000 customers
- Animoto hack exposes personal information, location data
- Sexual assault victim’s medical records given to wrong person
- Apple forces Facebook VPN app out of iOS store for stealing users’ data
- Sydney airport seizure of phone and laptop ‘alarming’, say privacy groups
- FBI probing cyber attack on congressional campaign in California
- Two arrested for allegedly spying for Iran in U.S.
- The man who solved Bitcoin’s most notorious heist
- Ar3s avoids lengthy prison term after cooperating with authorities
- Alleged SIM swapper arrested in California + more information
- Prenda lawyer pleads guilty in Pirate Bay honeypot case
- Stolen Android anti-piracy software dumped on Github
For the more technical
- OpenSSH user enumeration vulnerability
- How I hacked BlackHat 2018
- Multi-factor mixup: Who were you again?
- New “Turning Tables” technique bypasses all Windows kernel mitigations (PDF)
- Which of the OWASP Top 10 caused the world’s biggest data breaches?
- Critical remote code execution vulnerability in Apache Struts
- Remote code execution on a Facebook server
- No patch available yet for new major vulnerability in Ghostscript interpreter
- Phishing for files with Airmail 3 for Mac
- Malicious faxes leave firms ‘open’ to cyber-attack (PDF)
- VORACLE attack can recover HTTP data from VPN connections
- Subdomain takeover: Finding candidates
- Hacking law firms with abandoned domain names
- How Cloudflare protects customers from cache poisoning
- Google tracks you even if location history’s off. Here’s how to stop it
- Fortnite installer allowed hackers to download anything on your Android phone
- IoT hijackers lead victims to bogus Banco de Brasil website
- BackSwap malware now targets six banks in Spain
- Bank malspam revisited + more information
- Microsoft Publisher files delivering malware
- Interesting hidden threat since years?
- Turla: In and out of its unique Outlook backdoor (PDF)
- Picking apart Remcos botnet-in-a-box
- Iranian influence operation leverages network of inauthentic news sites & social media
- An update on state-sponsored activity
- Cobalt Dickens targets universities
- Lazarus hits cryptocurrency exchange with fake installer and macOS malware
- New wave of Mirai leverages open-source project for cross platform infection technique
- Ryuk ransomware: A targeted campaign break-down
- Princeton University researchers: Causing power outages with IoT botnet (PDF)
- Rapid7 Quarterly Threat Report: 2018 Q2
- We are taking new steps against broadening threats to democracy
- A study of ReDoS vulnerabilities in JavaScript-based web servers (PDF)
- Singularity of Origin: A DNS Rebinding attack framework
- Clone your finger – bypassing TouchID
- A look into Signal’s encrypted profiles
- Reverse engineering Mortal Kombat GRA file format
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – August 25, 2018”