IT Security Weekend Catch Up – December 9, 2016

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

On the non-technical side

  1. ThyssenKrupp secrets stolen in cyber attack
  2. China stole data from major U.S. law firms
  3. Spy agencies targeted in-flight mobile phone use
  4. Britain allegedly spied on OVH CEO
  5. Germany points fingers to Russian cyber
  6. Someone took over Israeli news program to broadcast the Muslim call to prayer
  7. Criminal group leader escapes justice
  8. McDonald’s drive-thru intercom hacked
  9. Large DDoS attack on Russian banks
  10. FB, Twitter, Microsoft and YouTube fighting terrorist content
  11. Fake US Embassy shut down in Ghana
  12. International telephony fraud case study
  13. Afghanistan government impostor story
  14. How a hacking campaign helped shut down an award-winning news site

On the technical side

  1. Battery status information used for fraud detection
  2. [PDF] Rise of the machines – an excellent report on the threats from IoT
  3. [PDF] Patchwork – a report on copy – paste APT
  4. Yahoo Mail stored XSS
  5. Facebook spam campaign with nude celebrity PDFs
  6. [PDF] Anatomy of IoT security
  7. Analysis of a simple userland rootkit
  8. Floki Bot analysis plus the second article
  9. TrickBot analysis
  10. A brief history of DDoS attacks
  11. Why Filippo Valsorda is giving up on PGP
  12. Roundcube RCE via email
  13. HP disables FTP and telnet in printers – in 2016…
  14. [PDF] Defeating sandbox evasion
  15. Malvertising using steganography
  16. AdGholas analysis
  17. Backdoor in Sony IPELA Engine IP Cameras
  18. Taking over 120k orphaned domains
  19. Vulnerabilities in a smart home device
  20. British ISP customers get their WiFi passwords stolen
  21. New race condition vulnerability in Linux kernel
  22. 1.4 billion records from Have I been pwned up for analysis
  23. Malware anti-detection techniques collection
  24. Vulnerabilities in SAP security software
  25. Description of a few DDoS attacks on a Cloudflare customer
  26. Secure Rom extraction on iPhone 6s
  27. Analysis of TR-064 attacks
  28. CVE-2016-0189 used in targeted attacks
  29. Shortcut files used in actual attacks
  30. Please reboot your Boeing 787 on a regular basis
  31. [PDF] Robust VISA credit card guessing attacks (plus summary)
  32. Bluescreen via WebGL
  33. Alcatel Lucent Omnivista RCE
  34. CVE-2016-7255 (Windows) analysis
  35. Bypassing Apple’s System Integrity Protection
  36. Using EventViewer to bypass UAC locally
  37. Visbot Magento malware
  38. WeChat censorship system
  39. New hashcat: 3.20
  40. War stories from Google VRP
  41. Belarus blocks Tor
  42. Continuous pwning of the top 1000 WordPress plugins
  43. New Mirai variant with DGA
  44. Hiding malware in PNG files
  45. RedStarOS 3.0 RCE
  46. A closer look at Mamba ransomware
  47. Authentication improvement at ProtonMail
  48. Hash encryption in Windows 10 Anniversary Update
  49. ImageMagick convert Tiff out of bounds write
  50. Malicious authentication bypass in OpenCart
  51. Spoofing the Edge address bar with the malware warning
  52. Further analysis of Shamoon 2
  53. Mobile ransomware
  54. Ransomware in 2016 – report
  55. Private Internet Access funds OpenVPN 2.4 audit
  56. Get a free decryption of your files if you infect others

Did you enjoy this list? Retweet it and subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *