Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Authorities shut down xDedic marketplace for buying hacked servers + more information
- Authorities across the world going after users of biggest DDoS-for-hire website
- I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all
- Man evades capture for 15 years by using fingerprint implants
- Genealogy company allowing FBI to use private DNA database
- US ratchets up the pressure on Huawei with new indictments
- ICE set up a fake university. Hundreds enrolled, not realizing it was a sting operation
- Just two hacker groups may have stolen $1 billion in cryptocurrency
- Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison
- How a teenage 'Fortnite' player found Apple's FaceTime bug
- Spotify fake artists return – but who’s faking plays within user accounts?
- Tricking autonomous driving systems could be as simple as subtly altering street signs
- The FCCC's annual survey of correspondent members is complete. The results are grim (PDF)
- Ex-NSA cyberspies reveal how they helped hack foes of UAE
- 'Karma': Inside the hack used by the UAE to break into iPhones of foes
- India’s largest bank SBI leaked account data on millions of customers
- Airbus suffers data breach, some employees' data exposed
- Russia and China poised to cripple US power grid, gas pipelines at a moment's notice
- How Facebook trains content moderators to put out ‘PR fires’ during elections
- I cut Google out of my life. It screwed up everything
For the more technical
- New security flaw impacts 5G, 4G, and 3G telephony protocols (PDF)
- Abusing Exchange: One API call away from Domain Admin
- LibreOffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
- CTF Writeup: Complex Drupal POP chain
- Enabling Adminless mode on Windows 10 SMode
- Exploit for iOS 11.4.x to 12.1.2 released by Google Project Zero
- An analysis of jailbreak detection methods and the tools used to evade them
- Hackers target Cisco routers via recently patched flaws + more information
- A not so well done phish (why attackers need to implement IPv6 now)
- New campaign delivers Orcus RAT
- AZORult: Now, as a signed “Google Update”
- Spam injector disguised as license key in WordPress website
- Siri Shortcuts can be abused for extortion demands, malware propagation
- Analyzing a new stealer written in Golang
- Criminals are tapping into the phone network backbone to empty bank accounts
- Widespread DNS hijacking activity targets multiple sectors
- DOJ moves to take down Joanap botnet operated by North Korean state hackers
- APT39: An Iranian cyber espionage group focused on personal information
- Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
- Russians on the darknet: Marketplaces & forums
- A look back at the DDoS trends of 2018
- The 2019 state of password and authentication security behaviors report (PDF)
- Securing and extracting health data: Apple Health vs. Google Fit
- Unsecured access to personal data of a million Leo Express users
- Hackers are passing around a megaleak of 2.2 billion records
- Discarded smart lightbulbs reveal your wifi passwords, stored in the clear
- Dissecting Logitech options on macOS
- Identifying SSD controller and NAND configuration
- Study finds most keyless cars vulnerable to hacks
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments