IT Security Weekend Catch Up – August 31, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. The adventures of lab ED011
  2. ABBYY exposed its document storage database with more than 200K scanned contracts, letters
  3. 1,464 Western Australian government officials used ‘Password123’ as their password
  4. Air Canada app data breach involves passport numbers
  5. Hackers stole personal data of 2 million T-Mobile customers + more information
  6. Leaked data from Chinese hotel chain may affect 130 million customers
  7. More than 85% of China’s app users have had their data leaked
  8. Spyware company exposed ‘281 gigabytes’ of children’s photos online
  9. Spyware company that marketed to domestic abusers gets hacked
  10. U.S. accuses China of ‘super aggressive’ spy campaign on LinkedIn
  11. Bank of Spain hit by DDoS attack
  12. Scammers threaten to review bomb a travel company unless it pays ransom
  13. Alleged Facebook scammer arrested in Ecuador, will resist extradition
  14. Enterprise security risk: Apps capturing corporate mobile screens
  15. Fortnite fury over how Google handled its security hole + more information
  16. Building the security operations center of tomorrow—harnessing the law of data gravity
  17. Instagram’s new security tools are a welcome step, but not enough

For the more technical

  1. Task Scheduler ALPC exploit high level analysis
  2. Floating-poison math in Chakra
  3. Bypassing workflows protection mechanisms – remote code execution on SharePoint
  4. Click me if you can, Office social engineering with embedded objects
  5. Remote Mac exploitation via custom URL schemes
  6. Oracle Critical Patch Update July 2018 and Security Alert for CVE-2018-3110
  7. Vulnerabilities in Schneider Electric industrial devices
  8. Remote code execution on packagist.org
  9. Sensitive data exposure via WiFi broadcasts in Android OS
  10. Comprehensive vulnerability analysis of AT commands within the Android ecosystem (PDF)
  11. Light ears: Information leakage via smart lights (PDF)
  12. From compiler optimization to code execution – VirtualBox VM escape
  13. Fiserv flaw exposed customer data at hundreds of banks
  14. View private Instagram photos
  15. Gmail Android app insecure Network Security Configuration
  16. Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat’s installation script
  17. Reversing malware in a custom format: Hidden Bee elements
  18. Loki Bot: On a hunt for corporate passwords
  19. A walk through the AcridRain stealer
  20. Password protected Word document delivers Hermes ransomware
  21. The Urpage connection to Bahamut, Confucius and Patchwork
  22. BusyGasper – the unfriendly spy
  23. Semi-annual balance of mobile security
  24. The rise of mobile banker Asacub
  25. Carbanak/Cobalt/FIN7 group targets Russian, Romanian banks in new attacks
  26. Cosmos Bank SWIFT/ATM US$13.5 million cyber attack detection using security analytics
  27. Rocke: The champion of Monero miners
  28. APT29 domain fronting with TOR
  29. Stopping a big botnet targeting USA, Canada and Italy
  30. Who’s behind the screencam extortion scam?
  31. How to build your own rogue GSM BTS for fun and profit
  32. Analysing Apple Pay transactions
  33. Machine learning: good for security or a new threat?
  34. One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability
  35. When multi-factor will not save you
  36. Introducing the Tink cryptographic software library
  37. LKRG 0.4 available for download
  38. German cryptanalytic attacks on the British World War II “TYPEX” machine

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *