Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- The adventures of lab ED011
- ABBYY exposed its document storage database with more than 200K scanned contracts, letters
- 1,464 Western Australian government officials used ‘Password123’ as their password
- Air Canada app data breach involves passport numbers
- Hackers stole personal data of 2 million T-Mobile customers + more information
- Leaked data from Chinese hotel chain may affect 130 million customers
- More than 85% of China’s app users have had their data leaked
- Spyware company exposed ‘281 gigabytes’ of children’s photos online
- Spyware company that marketed to domestic abusers gets hacked
- U.S. accuses China of 'super aggressive' spy campaign on LinkedIn
- Bank of Spain hit by DDoS attack
- Scammers threaten to review bomb a travel company unless it pays ransom
- Alleged Facebook scammer arrested in Ecuador, will resist extradition
- Enterprise security risk: Apps capturing corporate mobile screens
- Fortnite fury over how Google handled its security hole + more information
- Building the security operations center of tomorrow—harnessing the law of data gravity
- Instagram’s new security tools are a welcome step, but not enough
For the more technical
- Task Scheduler ALPC exploit high level analysis
- Floating-poison math in Chakra
- Bypassing workflows protection mechanisms - remote code execution on SharePoint
- Click me if you can, Office social engineering with embedded objects
- Remote Mac exploitation via custom URL schemes
- Oracle Critical Patch Update July 2018 and Security Alert for CVE-2018-3110
- Vulnerabilities in Schneider Electric industrial devices
- Remote code execution on packagist.org
- Sensitive data exposure via WiFi broadcasts in Android OS
- Comprehensive vulnerability analysis of AT commands within the Android ecosystem (PDF)
- Light ears: Information leakage via smart lights (PDF)
- From compiler optimization to code execution - VirtualBox VM escape
- Fiserv flaw exposed customer data at hundreds of banks
- View private Instagram photos
- Gmail Android app insecure Network Security Configuration
- Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script
- Reversing malware in a custom format: Hidden Bee elements
- Loki Bot: On a hunt for corporate passwords
- A walk through the AcridRain stealer
- Password protected Word document delivers Hermes ransomware
- The Urpage connection to Bahamut, Confucius and Patchwork
- BusyGasper - the unfriendly spy
- Semi-annual balance of mobile security
- The rise of mobile banker Asacub
- Carbanak/Cobalt/FIN7 group targets Russian, Romanian banks in new attacks
- Cosmos Bank SWIFT/ATM US$13.5 million cyber attack detection using security analytics
- Rocke: The champion of Monero miners
- APT29 domain fronting with TOR
- Stopping a big botnet targeting USA, Canada and Italy
- Who’s behind the screencam extortion scam?
- How to build your own rogue GSM BTS for fun and profit
- Analysing Apple Pay transactions
- Machine learning: good for security or a new threat?
- One-in-two JavaScript project audits by NPM tools sniff out at least one vulnerability
- When multi-factor will not save you
- Introducing the Tink cryptographic software library
- LKRG 0.4 available for download
- German cryptanalytic attacks on the British World War II "TYPEX" machine