IT Security Weekend Catch Up – December 29, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. The best stories on hacking and information security of 2018
2. The bleak picture of two-factor authentication adoption in the wild
3. In January, the EU starts running bug bounties on free and open source software
4. Hot tub hack reveals washed-up security protection
5. Doxxing pirates or even anti-pirates is no way to solve disputes
6. Selling pirate movies & putting the money in a personal PayPal account is insane
7. Serial swatter and stalker Mir Islam arrested for allegedly dumping body in river

For the more technical

1. ZeroNights 2018 – materials
2. Windows zero-day PoC lets you read any file with System level access
3. Detecting use of SandboxEscaper’s “MsiAdvertiseProduct” 0-day PoC
4. Cisco Prime License Manager SQL injection vulnerability
5. Hacking the Twinkly IoT Christmas lights
6. Hackers make a fake hand to beat vein authentication
7. Remote firmware attack renders servers unbootable
8. Major flaws in Guardzilla cameras allow remote hijack of the security device
9. Over 19,000 Orange Livebox ADSL modems are leaking their WiFi credentials
10. Wormable stored XSS on WordPress.org
11. ‘Serious’ Twitter flaw allows hackers to post on other people’s accounts
12. Four months after its debut, sneaky Mac malware went undetected by AV providers
13. There’s a fake Amazon Alexa ‘Setup’ app climbing App Store charts
14. Shamoon attackers employ new tool kit to wipe infected systems
15. Modified open-source wiper contains verse from the Quran
16. JungleSec ransomware infects victims through IPMI remote consoles
17. Sofacy creates new ‘Go’ variant of Zebrocy tool
18. Progression of APT28/Sofacy Golang Zebrocy loader ‘Project2.Go’: WMIC & hex decode
19. Analysis of the latest Emotet propagation campaign
20. Season’s greetings from Ursnif
21. Dissecting the Danabot paylaod targeting Italy
22. Matryoshka phish
23. Threats of terror pervade recent extortion phishing campaigns
24. Three-year campaign targets Russian critical infrastructure
25. Hacking group “Charming Kitten” targets nuclear experts and Treasury officials
26. Chinese malicious cyber activity
27. The MITRE ATT&CK framework
28. Head-to-head evaluation of six password managers

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.