IT Security Weekend Catch Up – February 2, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. Authorities shut down xDedic marketplace for buying hacked servers + more information
2. Authorities across the world going after users of biggest DDoS-for-hire website
3. I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all
4. Man evades capture for 15 years by using fingerprint implants
5. Genealogy company allowing FBI to use private DNA database
6. US ratchets up the pressure on Huawei with new indictments
7. ICE set up a fake university. Hundreds enrolled, not realizing it was a sting operation
8. Just two hacker groups may have stolen $1 billion in cryptocurrency
9. Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison
10. How a teenage ‘Fortnite’ player found Apple’s FaceTime bug
11. Spotify fake artists return – but who’s faking plays within user accounts?
12. Tricking autonomous driving systems could be as simple as subtly altering street signs
13. The FCCC’s annual survey of correspondent members is complete. The results are grim (PDF)
14. Ex-NSA cyberspies reveal how they helped hack foes of UAE
15. ‘Karma’: Inside the hack used by the UAE to break into iPhones of foes
16. India’s largest bank SBI leaked account data on millions of customers
17. Airbus suffers data breach, some employees’ data exposed
18. Russia and China poised to cripple US power grid, gas pipelines at a moment’s notice
19. How Facebook trains content moderators to put out ‘PR fires’ during elections
20. I cut Google out of my life. It screwed up everything

For the more technical

1. New security flaw impacts 5G, 4G, and 3G telephony protocols (PDF)
2. Abusing Exchange: One API call away from Domain Admin
3. LibreOffice (CVE-2018-16858) – Remote Code Execution via Macro/Event execution
4. CTF Writeup: Complex Drupal POP chain
5. Enabling Adminless mode on Windows 10 SMode
6. Exploit for iOS 11.4.x to 12.1.2 released by Google Project Zero
7. An analysis of jailbreak detection methods and the tools used to evade them
8. Hackers target Cisco routers via recently patched flaws + more information
9. A not so well done phish (why attackers need to implement IPv6 now)
10. New campaign delivers Orcus RAT
11. AZORult: Now, as a signed “Google Update”
12. Spam injector disguised as license key in WordPress website
13. Siri Shortcuts can be abused for extortion demands, malware propagation
14. Analyzing a new stealer written in Golang
15. Criminals are tapping into the phone network backbone to empty bank accounts
16. Widespread DNS hijacking activity targets multiple sectors
17. DOJ moves to take down Joanap botnet operated by North Korean state hackers
18. APT39: An Iranian cyber espionage group focused on personal information
19. Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
20. Russians on the darknet: Marketplaces & forums
21. A look back at the DDoS trends of 2018
22. The 2019 state of password and authentication security behaviors report (PDF)
23. Securing and extracting health data: Apple Health vs. Google Fit
24. Unsecured access to personal data of a million Leo Express users
25. Hackers are passing around a megaleak of 2.2 billion records
26. Discarded smart lightbulbs reveal your wifi passwords, stored in the clear
27. Dissecting Logitech options on macOS
28. Identifying SSD controller and NAND configuration
29. Study finds most keyless cars vulnerable to hacks

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.