Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- The adventures of lab ED011
- ABBYY exposed its document storage database with more than 200K scanned contracts, letters
- 1,464 Western Australian government officials used ‘Password123’ as their password
- Air Canada app data breach involves passport numbers
- Hackers stole personal data of 2 million T-Mobile customers + more information
- Leaked data from Chinese hotel chain may affect 130 million customers
- More than 85% of China’s app users have had their data leaked
- Spyware company exposed ‘281 gigabytes’ of children’s photos online
- Spyware company that marketed to domestic abusers gets hacked
- U.S. accuses China of ‘super aggressive’ spy campaign on LinkedIn
- Bank of Spain hit by DDoS attack
- Scammers threaten to review bomb a travel company unless it pays ransom
- Alleged Facebook scammer arrested in Ecuador, will resist extradition
- Enterprise security risk: Apps capturing corporate mobile screens
- Fortnite fury over how Google handled its security hole + more information
- Building the security operations center of tomorrow—harnessing the law of data gravity
- Instagram’s new security tools are a welcome step, but not enough
For the more technical
- Task Scheduler ALPC exploit high level analysis
- Floating-poison math in Chakra
- Bypassing workflows protection mechanisms – remote code execution on SharePoint
- Click me if you can, Office social engineering with embedded objects
- Remote Mac exploitation via custom URL schemes
- Oracle Critical Patch Update July 2018 and Security Alert for CVE-2018-3110
- Vulnerabilities in Schneider Electric industrial devices
- Remote code execution on packagist.org
- Sensitive data exposure via WiFi broadcasts in Android OS
- Comprehensive vulnerability analysis of AT commands within the Android ecosystem (PDF)
- Light ears: Information leakage via smart lights (PDF)
- From compiler optimization to code execution – VirtualBox VM escape
- Fiserv flaw exposed customer data at hundreds of banks
- View private Instagram photos
- Gmail Android app insecure Network Security Configuration
- Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat’s installation script
- Reversing malware in a custom format: Hidden Bee elements
- Loki Bot: On a hunt for corporate passwords
- A walk through the AcridRain stealer
- Password protected Word document delivers Hermes ransomware
- The Urpage connection to Bahamut, Confucius and Patchwork
- BusyGasper – the unfriendly spy
- Semi-annual balance of mobile security
- The rise of mobile banker Asacub
- Carbanak/Cobalt/FIN7 group targets Russian, Romanian banks in new attacks
- Cosmos Bank SWIFT/ATM US$13.5 million cyber attack detection using security analytics
- Rocke: The champion of Monero miners
- APT29 domain fronting with TOR
- Stopping a big botnet targeting USA, Canada and Italy
- Who’s behind the screencam extortion scam?
- How to build your own rogue GSM BTS for fun and profit
- Analysing Apple Pay transactions
- Machine learning: good for security or a new threat?
- One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability
- When multi-factor will not save you
- Introducing the Tink cryptographic software library
- LKRG 0.4 available for download
- German cryptanalytic attacks on the British World War II “TYPEX” machine
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – August 31, 2018”