Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Huawei security issues will take five years to fix, firm tells Commons
- Huawei sting offers rare glimpse of the U.S. targeting a Chinese giant
- China hacked Norway’s Visma to steal client secrets
- Federal MPs’ computer network hacked in possible foreign government attack
- China’s new cybersecurity measures allow state police to remotely access company systems
- Is China’s corruption-busting AI system ‘Zero Trust’ being turned off for being too efficient?
- Chinese man Jizhong Chen ‘stole Apple’s future-car secrets for company in China’
- US Senators ask DHS to look into US government workers using foreign VPNs
- How online amateur “jihadist hunter” sparked terror alert in Rotterdam
- Online organized crime ring operating out of Romania victimized thousands of U.S. residents
- Phishers target anti-money laundering officers at U.S. credit unions
- Crooks continue to exploit GoDaddy hole
- I won’t bother hunting and reporting more Sony zero-days, because all I’d get is a lousy t-shirt
- Researcher assaulted by a vendor after disclosing a vulnerability
- Programmer finds ridiculous ATM flaw that let him withdraw $1 million in cash
- A bank wants to recover the $81 million North Korea allegedly stole
- Glowing reviews tout counterfeit cash on the dark web
- Cybercriminals claim to be selling the ability to manipulate media outlets’ articles
- More alleged SIM swappers face justice
- How hackers and scammers break into iCloud-locked iPhones
- Hundreds of bounty hunters had access to AT&T, T-Mobile, and Sprint customer location data for years
- How a young woman followed two hackers’ lies to her death
- Hackers allegedly caught on video stealing Tesla Model S, struggling to unplug charger
For the more technical
- Reverse RDP attack: Code execution on RDP clients
- Skia graphics library: The curious case of convexity confusion
- Google Chrome: Remote code execution attack chain
- Major security breach found in hospital and supermarket refrigeration systems
- Researcher reveals huge Mac password flaw to protest Apple bug bounty
- Vulnerabilities in Tightrope Media Systems Carousel
- Struts vulnerability CVE-2017-5638 on VMware vCenter – the gift that keeps on giving
- Scanning for WebDAV PROPFIND exploiting CVE-2017-7269
- Unsecured MongoDB databases expose Kremlin’s backdoor into Russian businesses
- Zcash discloses vulnerability that could have allowed ‘infinite counterfeit’ cryptocurrency
- QuadrigaCX chain analysis report: Bitcoin wallets
- ExileRAT shares C2 with LuckyCat, targets Tibet
- DanaBot updated with new C&C communication
- IcedID operators using ATSEngine injection panel to hit e-commerce sites
- First clipper malware discovered on Google Play
- Popular South Korean bus app series in Google Play found dropping malware after 5 years of development
- Triout Android spyware framework makes a comeback, abusing app with 50 million downloads
- Clever phishing attack enlists Google Translate to spoof login page
- Phishing kit with JavaScript keylogger
- BEC attack identified; mimics Doodle poll to “reschedule” board meeting
- Obfuscated JavaScript, scam emails, and American Express
- New scam holds YouTube channels for ransom + more information
- This DDoS attack unleashed the most packets per second ever
- A fresh look on reverse proxy related attacks
- Mitigations against Mimikatz style attacks
- I scanned the whole country of Austria and this is what I’ve found
- APT10 targeted Norwegian MSP and US companies in sustained campaign
- Many popular iPhone apps secretly record your screen without asking
- Protect your accounts from data breaches with Password Checkup
- Introducing Adiantum: Encryption for the next billion users
- iPhone physical acquisition: iOS 11.4 and 11.4.1
- Open sourcing ClusterFuzz
- Auditing Rust crypto: The first hours
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – February 10, 2019”