Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- HBO negotiated with hackers
- Possible explanation of sonic attacks in Cuba
- German intelligence warns of increased Chinese cyberspying
- ISIS document leak helped to indict Mancherster man
- AFRICOM conversations transmitted over open phone line
- Australian airport hacked, information stolen
- Uber’s massive data scraping program
- Porn websites used to create artificial web traffic
- Amateur research revealed the identity of a serial killer
- A very sophisticated crime group
- Russian threat to submarine cables
- Italian prosecutor closes investigation into Hacking Team incident
- Great story on the history of Mirai botnet
- Mirai creators plead guilty
- Interview with Brian Krebs
For the more technical
- Keylogger implemented in keyboard driver in HP laptops and patches
- Recovering records deleted from logs with NSA tool
- Security flaws in programming languages
- Google publishes details of an iOS exploit
- Analysis of MoneyTaker group activity
- Talos tools revealed – Mutiny Fuzzing Framework and Decept Proxy
- debugProxy, another HTTP(S) debugfing tool
- ROBOT – new cryptographic attack
- An inside view of a password stealer
- Iranian APT analysis
- APT34 activity analysis
- Huge credential database leaked
- New DDoS attacks on web applications
- Phishing with EV certificates
- Satori network traffic analysis
- Satori technical analysis
- Banking malware targets polish banks
- Turning off DDE mechanisms in MS Word
- Analysis of CVE-2017-11882 exploit (Word)
- Code reuse in Lazarus attacks
- Analysis of a skimmer found in London
- Machine learning powering Windows Defendera
- Exim exploit details
- Creating a CVE-2017-11826 exploit
- Analysis of Patchwork APT activity (PDF)
- Breaking HSTS and HPKP on Firefox
- BrickerBot author retires/
- From markdown to RCE in Atom
- Zeus Panda phishing campaign
- Race condition in Android UI
- Hiding content in Git via escape sequences
- Host header injection for password reset
- Mobile game with trojan horse included
- RCE on Palo Alto firewalls
- TP-Link consuming huge amount of data traffic
- Remote root in Linksys wireless video bridges
- „Securing the Digital Economy” – Veracode report
- Attacks with XXE)
- Fingerprinting MySQL with Scannerl
- Starbucks WiFi provider mining cryptocurrency on customers computers
- Popular destinations rerouted to Russia
- Process Doppelgänging – new Windows attack
- vBulletin critical vulnerability
- MiTM on Fox-IT network
- GitHub used to host malicious cryptominer
- Azure AD Connect flaw
- OilRig APT activity analysis
- Cloudflare combatting phishing with DNS
- Triton – new framework targeting ICS
- Technical details of Triton framework + another report
- Akamai DDoS report (PDF)
- Gun safe hacked with Bluetooth
- ThunderShell tool analysis
- How Google secures communication between its datacenters
- BAT files used to conduct banking attacks
- PasteHunter tool review
- Attacking big business
- Conficker/Downad’s 9th birthday
- ParseDroid – Android developer tool vulnerability
- Most dangerous TLDs
- ConfuserEx analysis
- Digital security guide
- Simple security planner
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – December 17, 2017”