Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! Security Awareness Newsletter: Smart home devices (PDF)
- Bank data for sale on the dark web rises by 135% every year
- Credit card issuer TCM Bank leaked applicant data for 16 months
- How criminals recruit telecom employees to help them hijack SIM cards
- How a hacker allegedly stole millions by hijacking phone numbers
- Meriton to pay $3 million for misleading consumers on TripAdvisor
- The year targeted phishing went mainstream
- This hacker party is ground zero for Russia’s cyberspies
- Suspected Russian spy found working at US embassy in Moscow
- The Baltic elves taking on pro-Russian trolls
- Lithuania: Russian app spying on users
- Countering ‘smart’ terrorists who use online gaming platforms
- TSA is tracking regular travelers like terrorists in secret surveillance
- The story of an NSA hacker
For the more technical
- Adventures in vulnerability reporting
- HP launches bug bounty program for printers
- HP Ink printers remote code execution
- Exploiting a Microsoft Edge vulnerability to steal files
- Symfony: Remove support for legacy and risky HTTP headers
- Critical vulnerabilities in WECON LeviStudioU
- Pegasus: analysis of network behavior
- SamSam: The (almost) six million dollar ransomware (PDF)
- Kovter uncovered – malware teardown (PDF)
- Attacks on industrial enterprises using RMS and TeamViewer
- Spam campaign abusing SettingContent-ms
- Malicious document targets Vietnamese officials
- New Underminer exploit kit delivers bootkit and cryptocurrency-mining malware
- Geodo and TrickBot malware morph into bigger threats
- Inside look at Emotet’s global victims and malspam Qakbot payloads
- BGP / DNS hijacks target payment systems
- Mass MikroTik router infection – first we cryptojack Brazil, then we take the world?
- How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign
- Facebook phishing via SMS
- Google Play apps infected with Windows executable files
- Attacking the attackers
- Click on this iOS phishing scam and you’ll be connected to “Apple Care”
- Disclose Facebook internal server information with a strange poll
- On the hunt for Fin7 (Carbanak) + more information
- Three members of notorious international cybercrime group Fin7 in custody
- Multiple Cobalt personality disorder
- APT group RASPITE targets US electric utilities
- Amnesty International among targets of NSO-powered campaign + more information
- Creating a key generator to reset a Hikvision IP camera’s admin password
- Improving PHP extensions as a persistence method
- Making a Blind SQL Injection a little less blind
- PS4 Aux Hax – part 1, 2 & 3
- Exploitable or not exploitable? Using REVEN to examine a NULL pointer dereference
- iOS 12 Beta 5: One step forward, two steps back
- Introducing Web Authentication in Microsoft Edge
- Better slow than sorry – VirtualBox 3D acceleration considered harmful
- Thunderbird and Enigmail – audit report by Cure53
- The default OpenSSH key encryption is worse than plaintext
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – August 4, 2018”