Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- How UK spies hacked Belgacom
- Lawsuits threaten infosec research
- The Islamic State activity in Belgium (PDF)
- PNB officials illegally accessed Level-5 SWIFT password
- A hacker has wiped a spyware company’s servers
- The data breaches of two spyware companies
- How North Korea evades international sanctions
- Paedophile jailed for 32 years after blackmailing victims over dark web
- The longest data breach saga of all time
- Judge blocked efforts by Silk Road creator
- Flight Sim Labs put malware in a game + second part of the story
- Signal Foundation launched – WhatsApp co-founder puts $50 million
- Satellite centre for NATO to be built in Czech Republic
For the more technical
- Using the Chrome Task Manager to find in-browser miners
- Devirtualizing FinSpy, phase #1, #2, #3, #4
- Trend Micro Email Encryption Gateway multiple vulnerabilities
- Half a billion leaked passwords for download
- The great Puri.sm outage
- Ransomware file encryption
- MeltdownPrime and SpectrePrime attacks (PDF)
- Satori strikes again
- uTorrent has serious security flaws + technical description + PoC 1, 2, 3
- Analysis of Brazilian banker malware
- Validating leaked passwords with k-Anonymity
- Remote code execution in IDA
- Cryptojacking scripts can work in Word documents
- Jailbreaking iOS 11 and iOS 10
- Get iOS shared files without a jailbreak
- Analysis of 2017 Sofacy activity
- Nearly 8,000 security flaws did not receive a CVE ID in 2017
- Bypassing Anti-Malware Scan Interface (AMSI) in Windows 10
- Browser Security Whitepaper (PDF)
- New jRAT/Adwind variant being spread with scam
- Password management and mobile security
- Hackers made $3 million by installing miners on Jenkins servers
- OilRig uses ThreeDollars to deliver new trojan
- Avzhan DDoS bot dropped by Chinese drive-by attack
- Hackers can hijack baby monitor video feeds
- Malicious RTF document leading to NetwiredRC and Quasar RAT
- The rise of crypto-minig attacks
- From Android Defender to DoubleLocker (PDF)
- macOS may lose data on APFS-formatted disk images
- Cryptojacking Attack at Tesla + additional information
- North Korean threat group known as APT37/Reaper (PDF)
- Analysis of macOS trojan Coldroot RAT
- Google Project Zero exposes security flaw in Windows 10
- Chaos backdoor lets attackers gain control of Linux servers
- Increased usage of counterfeit code signing certificates
- Vulnerability in WAGO PFC200 controllers
- How Cloudflare protects users’ credentials
- Log injection attack
- Hacking SinVR
- New version of hashcat
- Snapchat hit by phishing attack
- Vulnerabilities in GE D60 Line Distance Relay devices
- T-Mobile bug allowed hackers to hijack users’ accounts
- The guide to password security
- Tempting Cedar Spyware campaign on Facebook
- Miners attacked 3.3% of ICS computers
- Hacking Tinder accounts using Facebook Account Kit
- Mirai-based bot turns IoT devices into proxy servers
- XXE 0-day vulnerability in HP PPM
- The rise of ICS malware
- How to mitigate rapid cyberattacks such as Petya and WannaCrypt
- Money laundering via author impersonation on Amazon
- Italian DHL-themed phishing leads to Ursnif
- New bypass and protection techniques for ASLR on Linux
- Campaign targeting Fortune 500 companies
- Millions Stolen From Russian, Indian Banks in SWIFT Attacks
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – February 25, 2018”