IT Security Weekend Catch Up – December 22, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Changes in third-party content on European news websites after GDPR (PDF)
  2. On ghost users and messaging backdoors
  3. Indian government to intercept, monitor, and decrypt citizens’ computers
  4. China hacked HPE, IBM and then attacked clients
  5. Feds charge three in mass seizure of attack-for-hire services + more information
  6. European Union diplomatic communications ‘targeted by hackers’
  7. Potential personally identifiable information compromise of NASA servers
  8. Twitter’s support form hit by data breach
  9. Hackers deface Wall Street Journal with pro-PewDiePie message
  10. If you are not paying for it, you’re not the customer; you’re the product being sold
  11. Amazon error allowed Alexa user to eavesdrop on another home
  12. At Blind, a security lapse revealed private complaints from Silicon Valley employees
  13. Turning off Facebook location tracking doesn’t stop it from tracking your location
  14. This cybersecurity firm listens to the background ‘noise’ of the Internet
  15. Oops! EU Piracy Watchlist includes a perfectly legal site

For the more technical

  1. Getting an MD5 collision is now trivial and instant
  2. Banking-grade credential stuffing: The futility of partial password validation
  3. Yet another text CAPTCHA solver (PDF)
  4. Researchers slam Hola VPN over absent encryption, user IP leaks
  5. Microsoft issues emergency update to fix critical IE flaw under active exploit
  6. Hacker discloses new unpatched Windows zero-day exploit on Twitter
  7. SQLite “Magellan” bug affects Chrome-based browsers, thousands of apps
  8. An inside look at two Jenkins security vulnerabilities
  9. Privilege escalation flaw discovered in the Cisco Adaptive Security Appliance
  10. $3k bug bounty – Twitter’s OAuth mistakes
  11. Reading ASP secrets for $17,000
  12. Exploiting an 18 year old bug
  13. Remotely controlled EV home chargers – the threats and vulnerabilities
  14. Remotely bricking a server
  15. BadUSB embedded into a USB cable
  16. US Ballistic Missile Defense System riddled with security flaws (PDF)
  17. A review of malware affecting macOS in 2018
  18. Android wallpaper apps found running ad fraud scheme
  19. Android SMS stealer
  20. Decrypting HiddenTear ransomware for free with HT Brute Forcer
  21. Inside of Danderspritz post-exploitation modules
  22. Cybercriminals use malicious memes that communicate with malware
  23. Connecting the dots between recently active cryptominers
  24. Sandboxed malware may control your pasteboard
  25. Signing phishing mails to fake trust
  26. Widespread Apple ID phishing attack pretends to be App Store receipts
  27. Large campaigns of phishing attacks in Middle East and North Africa
  28. With Mirai comes Miori: IoT botnet delivered via ThinkPHP remote code execution exploit
  29. APT33 may be behind a series of intrusions within the engineering industry
  30. A new method for decrypting WhatsApp backups
  31. Six ways to decrypt iPhone passwords from the keychain
  32. Android Pie à la mode: security & privacy
  33. Microsoft unveils Windows Sandbox

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
