Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! Security Awareness Newsletter: Smart home devices (PDF)
- Bank data for sale on the dark web rises by 135% every year
- Credit card issuer TCM Bank leaked applicant data for 16 months
- How criminals recruit telecom employees to help them hijack SIM cards
- How a hacker allegedly stole millions by hijacking phone numbers
- Meriton to pay $3 million for misleading consumers on TripAdvisor
- The year targeted phishing went mainstream
- This hacker party is ground zero for Russia’s cyberspies
- Suspected Russian spy found working at US embassy in Moscow
- The Baltic elves taking on pro-Russian trolls
- Lithuania: Russian app spying on users
- Countering ‘smart’ terrorists who use online gaming platforms
- TSA is tracking regular travelers like terrorists in secret surveillance
- The story of an NSA hacker
For the more technical
- Adventures in vulnerability reporting
- HP launches bug bounty program for printers
- HP Ink printers remote code execution
- Exploiting a Microsoft Edge vulnerability to steal files
- Symfony: Remove support for legacy and risky HTTP headers
- Critical vulnerabilities in WECON LeviStudioU
- Pegasus: analysis of network behavior
- SamSam: The (almost) six million dollar ransomware (PDF)
- Kovter uncovered – malware teardown (PDF)
- Attacks on industrial enterprises using RMS and TeamViewer
- Spam campaign abusing SettingContent-ms
- Malicious document targets Vietnamese officials
- New Underminer exploit kit delivers bootkit and cryptocurrency-mining malware
- Geodo and TrickBot malware morph into bigger threats
- Inside look at Emotet’s global victims and malspam Qakbot payloads
- BGP / DNS hijacks target payment systems
- Mass MikroTik router infection – first we cryptojack Brazil, then we take the world?
- How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign
- Facebook phishing via SMS
- Google Play apps infected with Windows executable files
- Attacking the attackers
- Click on this iOS phishing scam and you’ll be connected to “Apple Care”
- Disclose Facebook internal server information with a strange poll
- On the hunt for Fin7 (Carbanak) + more information
- Three members of notorious international cybercrime group Fin7 in custody
- Multiple Cobalt personality disorder
- APT group RASPITE targets US electric utilities
- Amnesty International among targets of NSO-powered campaign + more information
- Creating a key generator to reset a Hikvision IP camera’s admin password
- Improving PHP extensions as a persistence method
- Making a Blind SQL Injection a little less blind
- PS4 Aux Hax – part 1, 2 & 3
- Exploitable or not exploitable? Using REVEN to examine a NULL pointer dereference
- iOS 12 Beta 5: One step forward, two steps back
- Introducing Web Authentication in Microsoft Edge
- Better slow than sorry – VirtualBox 3D acceleration considered harmful
- Thunderbird and Enigmail – audit report by Cure53
- The default OpenSSH key encryption is worse than plaintext
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – August 4, 2018”