IT Security Weekend Catch Up – December 8, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. 228 arrests and over 3800 money mules identified in global action against money laundering
  2. 30 506 internet domain names shut down for intellectual property infringement
  3. FBI asked Sony for data on user who allegedly used PlayStation Network to sell cocaine
  4. Evernote gave Dark Web dealer’s notes to the DEA
  5. Alleged Russian hacker behind $100 million Evil Corp indicted
  6. BMW infiltrated by hackers hunting for automotive trade secrets
  7. Millions of Americans at risk after huge data and SMS leak
  8. New Chair of EFF’s Board of Directors: Renowned legal expert Pamela Samuelson

For the more technical

  1. A full browser compromise exploit chain targeting Firefox on Windows
  2. Severe auth bypass and priv-esc vulnerabilities disclosed in OpenBSD
  3. StrandHogg Android vulnerability allows malware to hijack legitimate apps
  4. StrandHogg was misused by the BankBot Android banking trojan
  5. Android Security Bulletin—December 2019
  6. Pixel Update Bulletin—December 2019
  7. An update on Android TLS adoption
  8. The iPhone 11 Pro’s location data puzzler
  9. Apple explains mysterious iPhone 11 location requests
  10. Inferring and hijacking VPN-tunneled TCP connections
  11. Vulnerability in Aviatrix VPN
  12. Two malicious Python libraries caught stealing SSH and GPG keys
  13. Breaking the rules: A tough Outlook for home page attacks (CVE-2017-11774)
  14. The most copied StackOverflow snippet of all time is flawed
  15. BlackDirect: Microsoft Azure account takeover
  16. Mobile cyberespionage campaign distributed through CallerSpy mounts initial phase of a targeted attack
  17. Lazarus group goes ‘fileless’
  18. New version of IcedID Trojan uses steganographic payloads
  19. New destructive wiper “ZeroCleare” targets energy sector in the Middle East (PDF)
  20. Biometric data processing and storage system threats
  21. APT review: what the world’s threat actors got up to in 2019
  22. xHunt actor’s cheat sheet
  23. Cloning EMV cards with the pre-play attack (PDF)
  24. New vulnerabilities in Contactless Payments (PDF)
  25. PCI Contactless Payments on COTS
  26. HackerOne breach lets outside hacker read customers’ private bug reports
  27. A successful BEC leveraging lookalike domains
  28. Stealthy attacks against robotic vehicles protected by control-based techniques (PDF)

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *