IT Security Weekend Catch Up – December 16, 2016

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

On the non-technical side

  1. Democratic House candidates were also targets of Russian hacking
  2. A few words about infosec news overhype
  3. A billion Yahoo accounts stolen
  4. Verizon explores exit from Yahoo deal
  5. Yahoo database allegedly sold for $300k
  6. Mikko Hypponen AMA on Quora
  7. Uber accused of abusing personal information of customers
  8. Multiple DDoSers arrested or warned
  9. Kaspersky’s cyber pew pew pew map
  10. Critical data leak due to unprotected home backup drive
  11. Manipulating Reddit with $200

On the more technical side

  1. BSides Lisbon – slides and videos
  2. Kaspersky’s 2016 summary
  3. NIST draft of password rules
  4. Electronic BLE safe locks analysis
  5. Internet census 2016 – all SSH services
  6. Cisco provides a list of top 1 million websites
  7. macOS FileVault2 password retrieval
  8. Detecting hthe usage of binary instrumentation utility PIN
  9. Mirai DGA analysis
  10. RCE in Ubuntu desktop
  11. Very clever exploit for ChromeOS
  12. More exploits offered by Shadow Brokers
  13. RCE in Netgear routers
  14. How Nymaim avoids virtual machines
  15. JScript dropeer with UAC bypass
  16. Serious Joomla vulnerability
  17. Using PLCs as a payload/shellcode distribution system
  18. Analysis of attacks against financial institutions in Ukraine
  19. Malvertising atacks on home routers
  20. Nagios RCE
  21. Dropbox H1 2016 transparency report
  22. “Backdoor” in Skype for Mac OS X
  23. iPhones patched to stop reading your passwords aloud
  24. Malware detected in firmware of cheap Android devices
  25. Microsoft’s analysis of Shamoon 2 attacks
  26. Analysis of Buhtrap malware
  27. Multiple vulnerabilities in McAfee VirusScan Enterprise for Linux
  28. Sophos Web Appliance multiple vulnerabilities
  29. SQLi in Teampass
  30. The state of WordPress security
  31. Cracking passwords on a 5k USD budget
  32. Escaping a restricted shell
  33. Disassembling Mirai
  34. Building botnet on ServiceWorkers
  35. Rig Exploit Kit campaign analysis
  36. Attacks of malicious Zcash miners
  37. Sofacy campaign analysis
  38. [PDF] Gamification of DDoS attacks
  39. Samsa ransomware analysis
  40. Analysis of a multi-malware campaign against financial institutions
  41. How scammers abuse Baidu search results
  42. TrickBot’s new campaign
  43. [PDF] Hiding pictures using conductive ink
  44. [PDF] Latest McAfee Threats Report
  45. Certificate Transparency monitoring tool
  46. Home routers security issues
  47. Reversing Huawei firmware
  48. [PDF] ENISA’s opinion paper on encryption
  49. Exploring 2FA by Apple
  50. Bypassing 2FA by Apple
  51. Rooting iOS 10.1.1

Did you enjoy this list? You can retweet it and subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *