Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! Newsletter: Yes, you are a target (PDF)
- Australia’s anti-encryption law will merely relocate the backdoors + the Internet reacts
- The Pakistan government is accusing me of a crime – and Twitter is acting as its messenger
- A quiet war rages over who can make money online
- Why a hacker exploited printers to make PewDiePie propaganda
- Feds say imprisoned hacker ran a drone smuggling ring
- The unbelievable tale of a fake hitman, a kill list, a darknet vigilante… and a murder
- Hacking Rihanna’s bank account
- Over 1500 money mules identified in worldwide money laundering sting
- He’s not cracked RSA-1024 encryption, he’s a very naughty Belarusian ransomware middleman
- Marriott’s 500 million hack came after a string of security breaches
- Emails of top NRCC officials stolen in major 2018 hack
- Apple security expert moves to ACLU as ‘public interest tech’ builds
For the more technical
- Cisco patches critical bug in license management tool
- Researchers discover SplitSpectre, a new Spectre-like CPU attack (PDF)
- Proxy request handling in kube-apiserver can leave vulnerable TCP connections
- PrestaShop Back Office remote code execution
- New Flash Player zero-day used against Russian facility
- RCE in PHP or how to bypass disable_functions in PHP installations
- XS-Searching Google’s bug tracker to find out vulnerable source code
- How I managed to get an @Google.com email address, bypassing their previous patch
- Billion Laugh Attack in sites.google.com
- Named vulnerabilities and their practical impact
- The SLoad Powershell threat is expanding to Italy
- Old dog, with new tricks – ISFB v3 loader (PDF)
- A landscape of OpenSSH backdoors (PDF)
- DanaBot evolves beyond banking Trojan with new spam-sending capability
- DarkVishnya: Banks attacked through direct connection to local network
- KoffeyMaker: notebook vs. ATM
- Magecart group ups ante: Now goes after admin credentials
- Mac malware combines EmPyre backdoor and XMRig miner
- Virut resurrects: Musings on long-term sinkholing
- Botnet of infected WordPress sites attacking WordPress sites
- Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
- A look inside Fancy Bear (APT28)
- Kaspersky Security Bulletin 2018. Top security stories
- Machine-to-Machine (M2M) technology design issues and implementation vulnerabilities
- EternalGlue: Releasing a worm into an enterprise network of a 100 billion dollar company
- Using innocent roles to hide admin users
- Intro to NFC payment relay attacks
- How to steal Ethers: scanning for vulnerable contracts
- Generic unpacking detection
- How malware can easily defeat Apple’s macOS security
- How to reset or recover Windows SYSKEY passwords
- On the security (or lack thereof) of the connected IoT thermostat
- OWASP Mobile Security Testing Guide 1.1.0
One thought on “IT Security Weekend Catch Up – December 9, 2018”