IT Security Weekend Catch Up – February 10, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Huawei security issues will take five years to fix, firm tells Commons
  2. Huawei sting offers rare glimpse of the U.S. targeting a Chinese giant
  3. China hacked Norway’s Visma to steal client secrets
  4. Federal MPs’ computer network hacked in possible foreign government attack
  5. China’s new cybersecurity measures allow state police to remotely access company systems
  6. Is China’s corruption-busting AI system ‘Zero Trust’ being turned off for being too efficient?
  7. Chinese man Jizhong Chen ‘stole Apple’s future-car secrets for company in China’
  8. US Senators ask DHS to look into US government workers using foreign VPNs
  9. How online amateur “jihadist hunter” sparked terror alert in Rotterdam
  10. Online organized crime ring operating out of Romania victimized thousands of U.S. residents
  11. Phishers target anti-money laundering officers at U.S. credit unions
  12. Crooks continue to exploit GoDaddy hole
  13. I won’t bother hunting and reporting more Sony zero-days, because all I’d get is a lousy t-shirt
  14. Researcher assaulted by a vendor after disclosing a vulnerability
  15. Programmer finds ridiculous ATM flaw that let him withdraw $1 million in cash
  16. A bank wants to recover the $81 million North Korea allegedly stole
  17. Glowing reviews tout counterfeit cash on the dark web
  18. Cybercriminals claim to be selling the ability to manipulate media outlets’ articles
  19. More alleged SIM swappers face justice
  20. How hackers and scammers break into iCloud-locked iPhones
  21. Hundreds of bounty hunters had access to AT&T, T-Mobile, and Sprint customer location data for years
  22. How a young woman followed two hackers’ lies to her death
  23. Hackers allegedly caught on video stealing Tesla Model S, struggling to unplug charger

For the more technical

  1. Reverse RDP attack: Code execution on RDP clients
  2. Skia graphics library: The curious case of convexity confusion
  3. Google Chrome: Remote code execution attack chain
  4. Major security breach found in hospital and supermarket refrigeration systems
  5. Researcher reveals huge Mac password flaw to protest Apple bug bounty
  6. Vulnerabilities in Tightrope Media Systems Carousel
  7. Struts vulnerability CVE-2017-5638 on VMware vCenter – the gift that keeps on giving
  8. Scanning for WebDAV PROPFIND exploiting CVE-2017-7269
  9. Unsecured MongoDB databases expose Kremlin’s backdoor into Russian businesses
  10. Zcash discloses vulnerability that could have allowed ‘infinite counterfeit’ cryptocurrency
  11. QuadrigaCX chain analysis report: Bitcoin wallets
  12. ExileRAT shares C2 with LuckyCat, targets Tibet
  13. DanaBot updated with new C&C communication
  14. IcedID operators using ATSEngine injection panel to hit e-commerce sites
  15. First clipper malware discovered on Google Play
  16. Popular South Korean bus app series in Google Play found dropping malware after 5 years of development
  17. Triout Android spyware framework makes a comeback, abusing app with 50 million downloads
  18. Clever phishing attack enlists Google Translate to spoof login page
  19. Phishing kit with JavaScript keylogger
  20. BEC attack identified; mimics Doodle poll to “reschedule” board meeting
  21. Obfuscated JavaScript, scam emails, and American Express
  22. New scam holds YouTube channels for ransom + more information
  23. This DDoS attack unleashed the most packets per second ever
  24. A fresh look on reverse proxy related attacks
  25. Mitigations against Mimikatz style attacks
  26. I scanned the whole country of Austria and this is what I’ve found
  27. APT10 targeted Norwegian MSP and US companies in sustained campaign
  28. Many popular iPhone apps secretly record your screen without asking
  29. Protect your accounts from data breaches with Password Checkup
  30. Introducing Adiantum: Encryption for the next billion users
  31. iPhone physical acquisition: iOS 11.4 and 11.4.1
  32. Open sourcing ClusterFuzz
  33. Auditing Rust crypto: The first hours

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *