IT Security Weekend Catch Up – December 10 2017

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. How the CIA helped foil a Russian spy ring in London
  2. Europol taking down over 20 000 internet domain names
  3. Money laundering via AirBnB
  4. The man who deactivated Trump’s Twitter account
  5. Fancy Bear using UK hosting services
  6. Other details of Fancy Bear activities (APT28, Pawn Storm)
  7. Interview with Joe Grand (AKA Kingpin)
  8. NSA leaker pleads guilty
  9. Another NSA contractor leaking data
  10. Brushing – unordered parcels from China
  11. CoinPouch security breach
  12. NCSC recommends not using Kaspersky AV
  13. Chinese men accused of stealing corporate data
  14. Russian carder sentenced to 14 years
  15. Canadian man pleads guilty to hacking for Kremlin
  16. Dark web threats
  17. [VIDEO] VoIP spying
  18. SWIFT hacks alert
  19. Europol arrested four skimmers
  20. Russian hackers trade British ministers passwords
  21. Politicians sharing passwords
  22. Uber paid 20 year old man to keep breach secret
  23. Bug bounties as anti-disclosure strategy
  24. OSINT used to verify Saudi missile defences
  25. Jail computer hacked to release a prisoner early
  26. Bitcoins use in darknet
  27. Recovering bitcoins from a damaged laptop
  28. Cheating TripAdvisor
  29. FSB crime experts and US elections
  30. Roofing company hacked a competitor
  31. Pepsi suspected of stealing documents in Russia
  32. Cuban sonic attacks victims might be poisoned
  33. Russian hacker jailed in UK
  34. Some funny hacker videos

For the more technical

  1. Three Uber security managers resign
  2. Dirty COW patch insufficient
  3. Root access without password in macOS
  4. More technical details on macOS root access
  5. RCE with 7zip
  6. Cryptomining with hidden browser windows
  7. FB image removal vulnerability
  8. Cobalt group using recent RTF vulnerability
  9. Review of exploits attacking latest Microsoft vulnerabilities
  10. New Mirai version
  11. Finding true hidden service IP
  12. Multiple WordPress vulnerabilities
  13. New Lazarus backdoor for Android
  14. [AUDIO] F-Secure start a new podcast
  15. Cisco patches critical WebEx vulnerabilities
  16. Telnet passwords leak from serial-to-Ethernet devices
  17. Tizi – Android backdoor
  18. ROKRAT analysis
  19. Hidden service OPSEC fail
  20. Android apps users tracking
  21. iOS 11 security issues
  22. Golden SAML to forge authentication to cloud apps
  23. OpenEMR flaw leaves medical records exposed
  24. Analysis of new Ursnif variant
  25. Phishing trends analysis
  26. Effective phishing techniques
  27. Terrorism fears used in a phishing campaign
  28. Keybase for Android could store your private keys in the Google cloud
  29. Chrome fighting with third party code injection
  30. New PacketTotal version released
  31. Bitcoin Gold GitHub repository compromised
  32. Dropbox bugs
  33. Simple way to perform a memory dump
  34. Zeus Panda spreading via Emotet
  35. iCloud authentication tokens analysis part 1, 2, 3
  36. Chicago hospital data leak
  37. Guessing private bitcoin keys
  38. Password spraying attacks
  39. US Army data leaks
  40. New Retefe version analysis
  41. Data exfiltration from AWS cloud environment
  42. Gmail on Android vulnerability
  43. Tool to search S3 buckets
  44. Fileless malware analysis
  45. Kaspersky’s review of 2017
  46. Analysis of Leakbase disappearance
  47. Critical vulnerability patched in Microsoft Malware Protection Engine
  48. Andromeda botnet eliminated
  49. One of Andromeda botnet admins arrested
  50. Tracking lateral movement with event logs
  51. Modifying Android apps without modifying their signature
  52. PayPal informs about data of 1,6 mln users compromise
  53. Multiple mail clients vulnerable to spoofing bug
  54. New tools to search WHOIS database
  55. Anatomy of latest Carbanak/FIN7 attacks
  56. TeamViewer critical vulnerability
  57. WhatsApp vulnerability
  58. Tricky PayPal phishing
  59. Phishing with a EV SLL certificate
  60. TrickBot campaign analysis
  61. Description of several cryptocurrency incidents
  62. Cybercrime pricelist
  63. Satori, new Mirai-style botnet
  64. More details on Satori botnet (PDF)
  65. New IoT botnet based on Huawei routers
  66. Analysis of Flying Kitten and Rocket Kitten APT
  67. Analysis of Charming Kitten APT
  68. Creating Windows 10 kernel exploit
  69. Black Hat Europe 2017: Attacks targeting financial institutions (PDF)
  70. Ethiopian dissidents targeted with commercial spyware
  71. Analysing malicious RTF files
  72. Spying with Amazon Echo
  73. Vulnerabilities in mobile banking apps (PDF)
  74. Accessing private Ashley Madison pictures
  75. Multiple WordPress pages infected with keylogging software
  76. Details of Intel Management Engine hack (PDF)
  77. VirtualBox vulnerability
  78. Apple HomeKit vulnerability
  79. Mobile location tracking without GPS
  80. Sandbox evasion with DDE
  81. Sysinternals Sysmon – suspicious activity guide
  82. HTTPS debugging for Android apps with Burp Proxy
  83. Microsoft leaks private key for cloud ERP product

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

One thought on “IT Security Weekend Catch Up – December 10 2017”

  1. Pingback: Weekendowa Lektura: odcinek 240 [2017-12-09]. Bierzcie i czytajcie | Zaufana Trzecia Strona

Leave a Reply

Your email address will not be published. Required fields are marked *