IT Security Weekend Catch Up – February 23, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! Newsletter: Personalized scams (PDF)
  2. Navigating the murky waters of Android banking malware
  3. Facebook uses its apps to track users it thinks could threaten employees and offices
  4. Working at Google Project Zero
  5. The curious case of the garden state imposter
  6. Hollywood uses ‘false Whois’ domain suspensions as anti-piracy tool
  7. A new tool protects videos from deepfakes and tampering
  8. NATO group catfished soldiers to prove a point about privacy
  9. Venezuela’s government appears to be trying to hack activists with phishing pages
  10. China has abandoned a cybersecurity truce with the U.S., report says
  11. The Russian sleuth who outs Moscow’s elite hackers and assassins
  12. The search for Denis Sergeev: Photographing a ghost
  13. Kremlin accused her of being a U.S. spy. She offered to go to Moscow
  14. On YouTube, a network of paedophiles is hiding in plain sight
  15. Cybercrime groups promising $360,000 annual salaries to accomplices
  16. Mt. Gox was riddled with price manipulation, data mining reveals
  17. Hacker puts up for sale third round of hacked databases on the Dark Web
  18. Nike’s self-lacing sneakers turn into bricks after faulty firmware update

For the more technical

  1. PoC exploit code for recent container escape flaw in runC published online
  2. Microsoft Edge lets run Flash code behind users’ backs
  3. Extracting a 19 year old code execution from WinRAR
  4. No source code for a 14-year old vulnerable DLL? No problem
  5. MikroTik firewall & NAT bypass – exploitation from WAN to LAN
  6. Critical Drupal vulnerability allows remote code execution
  7. Exploiting Drupal8’s REST RCE
  8. Hacking Jenkins part 1 – play with Dynamic Routing
  9. Hacking Jenkins part 2 – abusing meta programming for unauthenticated RCE
  10. Unveiling Amazon S3 bucket names
  11. Experts found a remote code execution flaw in WordPress 5.0.0
  12. Facebook CSRF protection bypass which leads to Account Takeover
  13. A deep dive on the recent widespread DNS hijacking attacks
  14. Detecting web attacks with a Seq2Seq autoencoder
  15. 2019 CrowdStrike Global Threat Report
  16. Ethics need not apply: The dark side of law
  17. Torrent sites ban popular uploader ‘CracksNow’ for sharing ransomware
  18. New decryption tool released for latest version of GandCrab ransomware
  19. Oracle exposes “DrainerBot” mobile ad fraud operation
  20. Hackers use compromised banks as starting points for phishing attacks
  21. When sharing isn’t caring: Phishing attacks are abusing file-sharing sites
  22. Hackers use fake Google reCAPTCHA to cloak banking malware
  23. A closer look at why the QakBot malware is so dangerous
  24. Several cryptojacking apps found on Microsoft Store
  25. ATM robber WinPot: a slot machine instead of cutlets
  26. New breed of fuel pump skimmer? Not really
  27. iOS 12 rootless jailbreak
  28. Physical extraction and file system imaging of iOS 12 devices
  29. Technical and legal implications of iOS file system acquisition
  30. Hacking virtual reality – researchers exploit popular Bigscreen VR app
  31. Why does Mozilla maintain our own root certificate store?
  32. LKRG 0.6 available for download
  33. New release: OnionShare 2
  34. [VIDEO] Don’t try this at home: Chip decapsulation
  35. How reliable are SSDs?

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *