IT Security Weekend Catch Up – December 15, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Save the Children Foundation duped by hackers into paying out $1 million
  2. Hacker banner ads are totally wild
  3. Fraudster convicted of online banking thefts using a bizarre homemade device
  4. Spammed bomb threat hoax demands Bitcoin
  5. We broke into a bunch of Android phones with a 3D-printed head
  6. Facebook, under scrutiny, pays out largest bug bounty yet
  7. Over 40,000 credentials for government portals found online
  8. Widespread blurring of satellite images reveals secret facilities
  9. Super Micro says review found no malicious chips in motherboards
  10. What’s actually in Australia’s encryption laws? Everything you need to know
  11. Signal says it can’t allow government access to users’ chats
  12. The truth about Black Friday and Cyber Monday

For the more technical

  1. 50 CVEs in 50 days: Fuzzing Adobe Reader
  2. Adobe’s year-end update patches 87 flaws in Acrobat software
  3. The December 2018 security update review
  4. Zero-day in Windows Kernel Transaction Manager
  5. A bug in Microsoft’s login system made it easy to hijack anyone’s Office account
  6. Google will shut down Google+ four months early after second data leak
  7. How I could have stolen your photos from Google
  8. Facebook Photo API bug exposed pics of up to 6.8 million users
  9. WordPress plugs bug that led to Google indexing some user passwords
  10. Samsung bug allowed full takeover of user accounts
  11. Remote code execution vulnerability in SQLite
  12. Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix
  13. Tildeb: Analyzing the 18-year-old implant from the Shadow Brokers’ leak
  14. How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal
  15. Vulnerability in Logitech Options
  16. New exploit kit “Novidade” found targeting home and SOHO routers
  17. Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)
  18. FreeRTOS TCP/IP stack vulnerabilities – the details
  19. Serious vulnerability in Rockwell Automation PLCs
  20. Critical vulnerabilities in Siemens SINUMERIK controllers
  21. Owning the Virgin Media Hub 3.0: The perfect place for a backdoor
  22. How to steal private information from a mobile device using a powerbank
  23. The guidelines on cyber security onboard ships (PDF)
  24. IoT Security in the ‘Smart Manufacturing’ world: a new study by ENISA
  25. Abandoned Globelmposter TOR site leaves ransomware victims without options
  26. MHT file inside a ZIP file
  27. Shamoon 3 targets oil and gas organization + more information
  28. Operation Sharpshooter – campaign targets global defense, critical infrastructure (PDF)
  29. The latest wave of organized phishing attacks by Iranian state-backed hackers + additional information
  30. Dear Joohn: The Sofacy group’s global campaign
  31. The Dark Side of the ForSSHe: A landscape of OpenSSH backdoors (PDF)
  32. Emotet trojan is back with a vengeance
  33. Android malware steals money from PayPal accounts
  34. The evolution of Microsoft Threat Protection, December update

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *