Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- OUCH! Newsletter: Personalized scams (PDF)
- Navigating the murky waters of Android banking malware
- Facebook uses its apps to track users it thinks could threaten employees and offices
- Working at Google Project Zero
- The curious case of the garden state imposter
- Hollywood uses ‘false Whois’ domain suspensions as anti-piracy tool
- A new tool protects videos from deepfakes and tampering
- NATO group catfished soldiers to prove a point about privacy
- Venezuela’s government appears to be trying to hack activists with phishing pages
- China has abandoned a cybersecurity truce with the U.S., report says
- The Russian sleuth who outs Moscow’s elite hackers and assassins
- The search for Denis Sergeev: Photographing a ghost
- Kremlin accused her of being a U.S. spy. She offered to go to Moscow
- On YouTube, a network of paedophiles is hiding in plain sight
- Cybercrime groups promising $360,000 annual salaries to accomplices
- Mt. Gox was riddled with price manipulation, data mining reveals
- Hacker puts up for sale third round of hacked databases on the Dark Web
- Nike’s self-lacing sneakers turn into bricks after faulty firmware update
For the more technical
- PoC exploit code for recent container escape flaw in runC published online
- Microsoft Edge lets run Flash code behind users’ backs
- Extracting a 19 year old code execution from WinRAR
- No source code for a 14-year old vulnerable DLL? No problem
- MikroTik firewall & NAT bypass – exploitation from WAN to LAN
- Critical Drupal vulnerability allows remote code execution
- Exploiting Drupal8’s REST RCE
- Hacking Jenkins part 1 – play with Dynamic Routing
- Hacking Jenkins part 2 – abusing meta programming for unauthenticated RCE
- Unveiling Amazon S3 bucket names
- Experts found a remote code execution flaw in WordPress 5.0.0
- Facebook CSRF protection bypass which leads to Account Takeover
- A deep dive on the recent widespread DNS hijacking attacks
- Detecting web attacks with a Seq2Seq autoencoder
- 2019 CrowdStrike Global Threat Report
- Ethics need not apply: The dark side of law
- Torrent sites ban popular uploader ‘CracksNow’ for sharing ransomware
- New decryption tool released for latest version of GandCrab ransomware
- Oracle exposes “DrainerBot” mobile ad fraud operation
- Hackers use compromised banks as starting points for phishing attacks
- When sharing isn’t caring: Phishing attacks are abusing file-sharing sites
- Hackers use fake Google reCAPTCHA to cloak banking malware
- A closer look at why the QakBot malware is so dangerous
- Several cryptojacking apps found on Microsoft Store
- ATM robber WinPot: a slot machine instead of cutlets
- New breed of fuel pump skimmer? Not really
- iOS 12 rootless jailbreak
- Physical extraction and file system imaging of iOS 12 devices
- Technical and legal implications of iOS file system acquisition
- Hacking virtual reality – researchers exploit popular Bigscreen VR app
- Why does Mozilla maintain our own root certificate store?
- LKRG 0.6 available for download
- New release: OnionShare 2
- [VIDEO] Don’t try this at home: Chip decapsulation
- How reliable are SSDs?
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
2 thoughts on “IT Security Weekend Catch Up – February 23, 2019”