IT Security Weekend Catch Up – August 30, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Microsoft: Using multi-factor authentication blocks 99.9% of account hacks
  2. Programmer discovers thousands of phone numbers, addresses, and geolocations apparently leaked by Russia’s ‘SORM’ surveillance tech
  3. It was sensitive data from a U.S. anti-terror program – and terrorists could have gotten to it for years, records show
  4. China intercepts WeChat texts from U.S. and abroad, researcher says
  5. Breach exposes data belonging to Imperva Cloud WAF customers
  6. Hostinger resets customer passwords after security incident
  7. Binance to give KYC hack victims VIP accounts
  8. More than £900,000 confiscated from cyber hacker
  9. Capital One hacker suspected to have stolen data from 30 other companies
  10. Justice Department indicts 80 individuals in a massive business email scam bust
  11. Ransomware hits hundreds of dentist offices in the US + more information
  12. Using voice search? Use caution when asking for auto dial from your smart device

For the more technical

  1. New DDoS attack-vector via WS-Discovery/SOAPoverUDP, port 3702
  2. Vulnerabilities in popular VPNs (PDF)
  3. Over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510
  4. Check Point Endpoint Security Initial Client for Windows – privilege escalation to SYSTEM
  5. Cisco REST API container for IOS XE software authentication bypass vulnerability
  6. PrivEsc in Lenovo Solution Centre, 10 minutes later
  7. Case study: Searching for a vulnerability pattern in the Linux kernel
  8. DejaBlue: Analyzing a RDP heap overflow
  9. QEMU VM escape
  10. Apple patches previously fixed security bug that allowed iPhone jailbreak
  11. Why iOS 12.4 jailbreak is a big deal for the law enforcement
  12. A very deep dive into iOS Exploit chains found in the wild
  13. Cryptographic key used to sign one of Facebook’s Android apps compromised
  14. How I hacked Instagram again
  15. Instagram phishing uses 2FA as a lure
  16. How I found a critical flaw in airlines online manage booking system
  17. A cryptocurrency heist, starring your web browser
  18. Hackers could steal a Tesla Model S by cloning its key fob—again
  19. An advertising dropper in Google Play
  20. TrickBot modifications target U.S. mobile users
  21. TrickBot is using Google Docs to trick Proofpoint’s Gateway
  22. More_eggs, anyone? Threat actor ITG08 strikes again
  23. TA505 at it again: Variety is the spice of ServHelper and FlawedAmmyy
  24. Oil and gas firms targeted by new Lyceum threat group + more information
  25. The state of industrial cybersecurity 2019 (PDF)
  26. Putting an end to Retadup: A malicious worm that infected hundreds of thousands
  27. Ares ADB IoT botnet targeting Android devices especially STBs/TVs
  28. New Nemty ransomware may spread via compromised RDP connections
  29. Detecting and stopping an APT41 operation
  30. RAT Ratatouille: Backdooring PCs with leaked RATs
  31. Advanced phishing campaign delivers Quasar RAT
  32. China Chopper still active 9 years later
  33. ‘Heatstroke’ campaign uses multistage phishing attack to steal PayPal and credit card information
  34. Won a free iPhone? No, it’s Calendar spam
  35. Malicious WordPress redirect campaign attacking several plugins
  36. All your clicks belong to me: Investigating click interception on the web (PDF)
  37. Hashcatch – a script to capture handshakes of nearby WiFi networks
  38. How to extract and decrypt Signal conversation history from the iPhone
  39. How to access screen time password and recover iOS restrictions password
  40. Compressed ISO files (ISZ)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
