Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- How UK spies hacked Belgacom
- Lawsuits threaten infosec research
- The Islamic State activity in Belgium (PDF)
- PNB officials illegally accessed Level-5 SWIFT password
- A hacker has wiped a spyware company’s servers
- The data breaches of two spyware companies
- How North Korea evades international sanctions
- Paedophile jailed for 32 years after blackmailing victims over dark web
- The longest data breach saga of all time
- Judge blocked efforts by Silk Road creator
- Flight Sim Labs put malware in a game + second part of the story
- Signal Foundation launched – WhatsApp co-founder puts $50 million
- Satellite centre for NATO to be built in Czech Republic
For the more technical
- Using the Chrome Task Manager to find in-browser miners
- Devirtualizing FinSpy, phase #1, #2, #3, #4
- Trend Micro Email Encryption Gateway multiple vulnerabilities
- Half a billion leaked passwords for download
- The great Puri.sm outage
- Ransomware file encryption
- MeltdownPrime and SpectrePrime attacks (PDF)
- Satori strikes again
- uTorrent has serious security flaws + technical description + PoC 1, 2, 3
- Analysis of Brazilian banker malware
- Validating leaked passwords with k-Anonymity
- Remote code execution in IDA
- Cryptojacking scripts can work in Word documents
- Jailbreaking iOS 11 and iOS 10
- Get iOS shared files without a jailbreak
- Analysis of 2017 Sofacy activity
- Nearly 8,000 security flaws did not receive a CVE ID in 2017
- Bypassing Anti-Malware Scan Interface (AMSI) in Windows 10
- Browser Security Whitepaper (PDF)
- New jRAT/Adwind variant being spread with scam
- Password management and mobile security
- Hackers made $3 million by installing miners on Jenkins servers
- OilRig uses ThreeDollars to deliver new trojan
- Avzhan DDoS bot dropped by Chinese drive-by attack
- Hackers can hijack baby monitor video feeds
- Malicious RTF document leading to NetwiredRC and Quasar RAT
- The rise of crypto-minig attacks
- From Android Defender to DoubleLocker (PDF)
- macOS may lose data on APFS-formatted disk images
- Cryptojacking Attack at Tesla + additional information
- North Korean threat group known as APT37/Reaper (PDF)
- Analysis of macOS trojan Coldroot RAT
- Google Project Zero exposes security flaw in Windows 10
- Chaos backdoor lets attackers gain control of Linux servers
- Increased usage of counterfeit code signing certificates
- Vulnerability in WAGO PFC200 controllers
- How Cloudflare protects users’ credentials
- Log injection attack
- Hacking SinVR
- New version of hashcat
- Snapchat hit by phishing attack
- Vulnerabilities in GE D60 Line Distance Relay devices
- T-Mobile bug allowed hackers to hijack users’ accounts
- The guide to password security
- Tempting Cedar Spyware campaign on Facebook
- Miners attacked 3.3% of ICS computers
- Hacking Tinder accounts using Facebook Account Kit
- Mirai-based bot turns IoT devices into proxy servers
- XXE 0-day vulnerability in HP PPM
- The rise of ICS malware
- How to mitigate rapid cyberattacks such as Petya and WannaCrypt
- Money laundering via author impersonation on Amazon
- Italian DHL-themed phishing leads to Ursnif
- New bypass and protection techniques for ASLR on Linux
- Campaign targeting Fortune 500 companies
- Millions Stolen From Russian, Indian Banks in SWIFT Attacks
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.