IT Security Weekend Catch Up – August 25, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. How three conspiracy theorists took ‘Q’ and sparked Qanon
  2. Mind games: Russia updates an old tactic
  3. How Russia’s war in Georgia sparked Moscow’s modern-day recruitment of criminal hackers
  4. Meet ‘Intrusion Truth’, the mysterious group doxing Chinese intel hackers
  5. Website promised free anti-antifa shirts. Alt-right signed up. It was a trap
  6. Inside Facebook’s struggle to moderate two billion people
  7. An undiscovered Facebook bug made me think I was hacked
  8. Crowdsourcing the hunt for software bugs is a booming business – and a risky one
  9. Superdrug hack: Data thieves claim to have information on 20,000 customers
  10. Animoto hack exposes personal information, location data
  11. Sexual assault victim’s medical records given to wrong person
  12. Apple forces Facebook VPN app out of iOS store for stealing users’ data
  13. Sydney airport seizure of phone and laptop ‘alarming’, say privacy groups
  14. FBI probing cyber attack on congressional campaign in California
  15. Two arrested for allegedly spying for Iran in U.S.
  16. The man who solved Bitcoin’s most notorious heist
  17. Ar3s avoids lengthy prison term after cooperating with authorities
  18. Alleged SIM swapper arrested in California + more information
  19. Prenda lawyer pleads guilty in Pirate Bay honeypot case
  20. Stolen Android anti-piracy software dumped on Github

For the more technical

  1. OpenSSH user enumeration vulnerability
  2. How I hacked BlackHat 2018
  3. Multi-factor mixup: Who were you again?
  4. New “Turning Tables” technique bypasses all Windows kernel mitigations (PDF)
  5. Which of the OWASP Top 10 caused the world’s biggest data breaches?
  6. Critical remote code execution vulnerability in Apache Struts
  7. Remote code execution on a Facebook server
  8. No patch available yet for new major vulnerability in Ghostscript interpreter
  9. Phishing for files with Airmail 3 for Mac
  10. Malicious faxes leave firms ‘open’ to cyber-attack (PDF)
  11. VORACLE attack can recover HTTP data from VPN connections
  12. Subdomain takeover: Finding candidates
  13. Hacking law firms with abandoned domain names
  14. How Cloudflare protects customers from cache poisoning
  15. Google tracks you even if location history’s off. Here’s how to stop it
  16. Fortnite installer allowed hackers to download anything on your Android phone
  17. IoT hijackers lead victims to bogus Banco de Brasil website
  18. BackSwap malware now targets six banks in Spain
  19. Bank malspam revisited + more information
  20. Microsoft Publisher files delivering malware
  21. Interesting hidden threat since years?
  22. Turla: In and out of its unique Outlook backdoor (PDF)
  23. Picking apart Remcos botnet-in-a-box
  24. Iranian influence operation leverages network of inauthentic news sites & social media
  25. An update on state-sponsored activity
  26. Cobalt Dickens targets universities
  27. Lazarus hits cryptocurrency exchange with fake installer and macOS malware
  28. New wave of Mirai leverages open-source project for cross platform infection technique
  29. Ryuk ransomware: A targeted campaign break-down
  30. Princeton University researchers: Causing power outages with IoT botnet (PDF)
  31. Rapid7 Quarterly Threat Report: 2018 Q2
  32. We are taking new steps against broadening threats to democracy
  33. A study of ReDoS vulnerabilities in JavaScript-based web servers (PDF)
  34. Singularity of Origin: A DNS Rebinding attack framework
  35. Clone your finger – bypassing TouchID
  36. A look into Signal’s encrypted profiles
  37. Reverse engineering Mortal Kombat GRA file format

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *