IT Security Weekend Catch Up – December 29, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. The best stories on hacking and information security of 2018
  2. The bleak picture of two-factor authentication adoption in the wild
  3. In January, the EU starts running bug bounties on free and open source software
  4. Hot tub hack reveals washed-up security protection
  5. Doxxing pirates or even anti-pirates is no way to solve disputes
  6. Selling pirate movies & putting the money in a personal PayPal account is insane
  7. Serial swatter and stalker Mir Islam arrested for allegedly dumping body in river

For the more technical

  1. ZeroNights 2018 – materials
  2. Windows zero-day PoC lets you read any file with System level access
  3. Detecting use of SandboxEscaper’s “MsiAdvertiseProduct” 0-day PoC
  4. Cisco Prime License Manager SQL injection vulnerability
  5. Hacking the Twinkly IoT Christmas lights
  6. Hackers make a fake hand to beat vein authentication
  7. Remote firmware attack renders servers unbootable
  8. Major flaws in Guardzilla cameras allow remote hijack of the security device
  9. Over 19,000 Orange Livebox ADSL modems are leaking their WiFi credentials
  10. Wormable stored XSS on WordPress.org
  11. ‘Serious’ Twitter flaw allows hackers to post on other people’s accounts
  12. Four months after its debut, sneaky Mac malware went undetected by AV providers
  13. There’s a fake Amazon Alexa ‘Setup’ app climbing App Store charts
  14. Shamoon attackers employ new tool kit to wipe infected systems
  15. Modified open-source wiper contains verse from the Quran
  16. JungleSec ransomware infects victims through IPMI remote consoles
  17. Sofacy creates new ‘Go’ variant of Zebrocy tool
  18. Progression of APT28/Sofacy Golang Zebrocy loader ‘Project2.Go’: WMIC & hex decode
  19. Analysis of the latest Emotet propagation campaign
  20. Season’s greetings from Ursnif
  21. Dissecting the Danabot paylaod targeting Italy
  22. Matryoshka phish
  23. Threats of terror pervade recent extortion phishing campaigns
  24. Three-year campaign targets Russian critical infrastructure
  25. Hacking group “Charming Kitten” targets nuclear experts and Treasury officials
  26. Chinese malicious cyber activity
  27. The MITRE ATT&CK framework
  28. Head-to-head evaluation of six password managers

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *