IT Security Weekend Catch Up – December 9, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! Newsletter: Yes, you are a target (PDF)
  2. Australia’s anti-encryption law will merely relocate the backdoorsthe Internet reacts
  3. The Pakistan government is accusing me of a crime – and Twitter is acting as its messenger
  4. A quiet war rages over who can make money online
  5. Why a hacker exploited printers to make PewDiePie propaganda
  6. Feds say imprisoned hacker ran a drone smuggling ring
  7. The unbelievable tale of a fake hitman, a kill list, a darknet vigilante… and a murder
  8. Hacking Rihanna’s bank account
  9. Over 1500 money mules identified in worldwide money laundering sting
  10. He’s not cracked RSA-1024 encryption, he’s a very naughty Belarusian ransomware middleman
  11. Marriott’s 500 million hack came after a string of security breaches
  12. Emails of top NRCC officials stolen in major 2018 hack
  13. Apple security expert moves to ACLU as ‘public interest tech’ builds

For the more technical

  1. Cisco patches critical bug in license management tool
  2. Researchers discover SplitSpectre, a new Spectre-like CPU attack (PDF)
  3. Proxy request handling in kube-apiserver can leave vulnerable TCP connections
  4. PrestaShop Back Office remote code execution
  5. New Flash Player zero-day used against Russian facility
  6. RCE in PHP or how to bypass disable_functions in PHP installations
  7. XS-Searching Google’s bug tracker to find out vulnerable source code
  8. How I managed to get an @Google.com email address, bypassing their previous patch
  9. Billion Laugh Attack in sites.google.com
  10. Named vulnerabilities and their practical impact
  11. The SLoad Powershell threat is expanding to Italy
  12. Old dog, with new tricks – ISFB v3 loader (PDF)
  13. A landscape of OpenSSH backdoors (PDF)
  14. DanaBot evolves beyond banking Trojan with new spam-sending capability
  15. DarkVishnya: Banks attacked through direct connection to local network
  16. KoffeyMaker: notebook vs. ATM
  17. Magecart group ups ante: Now goes after admin credentials
  18. Mac malware combines EmPyre backdoor and XMRig miner
  19. Virut resurrects: Musings on long-term sinkholing
  20. Botnet of infected WordPress sites attacking WordPress sites
  21. Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
  22. A look inside Fancy Bear (APT28)
  23. Kaspersky Security Bulletin 2018. Top security stories
  24. Machine-to-Machine (M2M) technology design issues and implementation vulnerabilities
  25. EternalGlue: Releasing a worm into an enterprise network of a 100 billion dollar company
  26. Using innocent roles to hide admin users
  27. Intro to NFC payment relay attacks
  28. How to steal Ethers: scanning for vulnerable contracts
  29. Generic unpacking detection
  30. How malware can easily defeat Apple’s macOS security
  31. How to reset or recover Windows SYSKEY passwords
  32. On the security (or lack thereof) of the connected IoT thermostat
  33. OWASP Mobile Security Testing Guide 1.1.0

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *