IT Security Weekend Catch Up – December 17, 2017

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. HBO negotiated with hackers
  2. Possible explanation of sonic attacks in Cuba
  3. German intelligence warns of increased Chinese cyberspying
  4. ISIS document leak helped to indict Mancherster man
  5. AFRICOM conversations transmitted over open phone line
  6. Australian airport hacked, information stolen
  7. Uber’s massive data scraping program
  8. Porn websites used to create artificial web traffic
  9. Amateur research revealed the identity of a serial killer
  10. A very sophisticated crime group
  11. Russian threat to submarine cables
  12. Italian prosecutor closes investigation into Hacking Team incident
  13. Great story on the history of Mirai botnet
  14. Mirai creators plead guilty
  15. Interview with Brian Krebs

For the more technical

  1. Keylogger implemented in keyboard driver in HP laptops and patches
  2. Recovering records deleted from logs with NSA tool
  3. Security flaws in programming languages
  4. Google publishes details of an iOS exploit
  5. Analysis of MoneyTaker group activity
  6. Talos tools revealed – Mutiny Fuzzing Framework and Decept Proxy
  7. debugProxy, another HTTP(S) debugfing tool
  8. ROBOT – new cryptographic attack
  9. An inside view of a password stealer
  10. Iranian APT analysis
  11. APT34 activity analysis
  12. Huge credential database leaked
  13. New DDoS attacks on web applications
  14. Phishing with EV certificates
  15. Satori network traffic analysis
  16. Satori technical analysis
  17. Banking malware targets polish banks
  18. Turning off DDE mechanisms in MS Word
  19. Analysis of CVE-2017-11882 exploit (Word)
  20. Code reuse in Lazarus attacks
  21. Analysis of a skimmer found in London
  22. Machine learning powering Windows Defendera
  23. Exim exploit details
  24. Creating a CVE-2017-11826 exploit
  25. Analysis of Patchwork APT activity (PDF)
  26. Breaking HSTS and HPKP on Firefox
  27. BrickerBot author retires/
  28. From markdown to RCE in Atom
  29. Zeus Panda phishing campaign
  30. Race condition in Android UI
  31. Hiding content in Git via escape sequences
  32. Host header injection for password reset
  33. Mobile game with trojan horse included
  34. RCE on Palo Alto firewalls
  35. TP-Link consuming huge amount of data traffic
  36. Remote root in Linksys wireless video bridges
  37. „Securing the Digital Economy” – Veracode report
  38. Attacks with XXE)
  39. Fingerprinting MySQL with Scannerl
  40. Starbucks WiFi provider mining cryptocurrency on customers computers
  41. Popular destinations rerouted to Russia
  42. Process Doppelgänging – new Windows attack
  43. vBulletin critical vulnerability
  44. MiTM on Fox-IT network
  45. GitHub used to host malicious cryptominer
  46. Azure AD Connect flaw
  47. OilRig APT activity analysis
  48. Cloudflare combatting phishing with DNS
  49. Triton – new framework targeting ICS
  50. Technical details of Triton framework + another report
  51. Akamai DDoS report (PDF)
  52. Gun safe hacked with Bluetooth
  53. ThunderShell tool analysis
  54. How Google secures communication between its datacenters
  55. BAT files used to conduct banking attacks
  56. PasteHunter tool review
  57. Attacking big business
  58. Conficker/Downad’s 9th birthday
  59. ParseDroid – Android developer tool vulnerability
  60. Most dangerous TLDs
  61. ConfuserEx analysis
  62. Digital security guide
  63. Simple security planner

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *