IT Security Weekend Catch Up – February 2, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Authorities shut down xDedic marketplace for buying hacked servers + more information
  2. Authorities across the world going after users of biggest DDoS-for-hire website
  3. I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all
  4. Man evades capture for 15 years by using fingerprint implants
  5. Genealogy company allowing FBI to use private DNA database
  6. US ratchets up the pressure on Huawei with new indictments
  7. ICE set up a fake university. Hundreds enrolled, not realizing it was a sting operation
  8. Just two hacker groups may have stolen $1 billion in cryptocurrency
  9. Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison
  10. How a teenage ‘Fortnite’ player found Apple’s FaceTime bug
  11. Spotify fake artists return – but who’s faking plays within user accounts?
  12. Tricking autonomous driving systems could be as simple as subtly altering street signs
  13. The FCCC’s annual survey of correspondent members is complete. The results are grim (PDF)
  14. Ex-NSA cyberspies reveal how they helped hack foes of UAE
  15. ‘Karma’: Inside the hack used by the UAE to break into iPhones of foes
  16. India’s largest bank SBI leaked account data on millions of customers
  17. Airbus suffers data breach, some employees’ data exposed
  18. Russia and China poised to cripple US power grid, gas pipelines at a moment’s notice
  19. How Facebook trains content moderators to put out ‘PR fires’ during elections
  20. I cut Google out of my life. It screwed up everything

For the more technical

  1. New security flaw impacts 5G, 4G, and 3G telephony protocols (PDF)
  2. Abusing Exchange: One API call away from Domain Admin
  3. LibreOffice (CVE-2018-16858) – Remote Code Execution via Macro/Event execution
  4. CTF Writeup: Complex Drupal POP chain
  5. Enabling Adminless mode on Windows 10 SMode
  6. Exploit for iOS 11.4.x to 12.1.2 released by Google Project Zero
  7. An analysis of jailbreak detection methods and the tools used to evade them
  8. Hackers target Cisco routers via recently patched flaws + more information
  9. A not so well done phish (why attackers need to implement IPv6 now)
  10. New campaign delivers Orcus RAT
  11. AZORult: Now, as a signed “Google Update”
  12. Spam injector disguised as license key in WordPress website
  13. Siri Shortcuts can be abused for extortion demands, malware propagation
  14. Analyzing a new stealer written in Golang
  15. Criminals are tapping into the phone network backbone to empty bank accounts
  16. Widespread DNS hijacking activity targets multiple sectors
  17. DOJ moves to take down Joanap botnet operated by North Korean state hackers
  18. APT39: An Iranian cyber espionage group focused on personal information
  19. Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
  20. Russians on the darknet: Marketplaces & forums
  21. A look back at the DDoS trends of 2018
  22. The 2019 state of password and authentication security behaviors report (PDF)
  23. Securing and extracting health data: Apple Health vs. Google Fit
  24. Unsecured access to personal data of a million Leo Express users
  25. Hackers are passing around a megaleak of 2.2 billion records
  26. Discarded smart lightbulbs reveal your wifi passwords, stored in the clear
  27. Dissecting Logitech options on macOS
  28. Identifying SSD controller and NAND configuration
  29. Study finds most keyless cars vulnerable to hacks

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *