IT Security Weekend Catch Up Holiday Edition – December 25, 2016

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

Less technical content

1. Lithuania confirms finding russian spyware on gov computers
2. Suspected cyberattack on ukrainian power grid (plus second article)
3. History of Citizen Lab
4. Declassified report alleges Snowden keeps ties with Russian intel
5. Who killed a Hamas engineer in Tunisia
6. France creates cyber command
7. Trading in phone cracking technology
8. Stealing cars with data from service centers
9. Accountants and spies: The secret history of Deloitte’s espionage practice
10. LeakedSource history
11. Facebook moderation rules
12. A perspective on the new Dutch intelligence law
13. A fake charity spying on activists

More technical content

1. Traces of KillDisk attack on an ukrainian GOV website
2. [PDF] Cross-origin bypass-attack on Facebook Messenger
3. Evading antivirus without being a wizard
4. Making a rootkit
5. Tool to obfuscate exfiltrated data
6. Hacking in-flight entertainment systems and Panasonic’s comment
7. Russians infecting ukrainian artillery units:
   1. detailed findings of CrowdStrike
   2. ukrainian soldiers rather use tablets without internet connectivity
   3. most artillery losses took place before the app was infected
   4. on VT only Kaspersky provided detection for infected APK
   5. some comments
   6. more critical comments
8. Free antiransomware app
9. [PDF] Nuclear Threat Initiative cybersecurity report
10. Tofsee spambot analysis
11. Hacking C&C botnet panels
12. Bugs in Cisco CloudCenter Orchestrator
13. Noriben – Portable, Simple, Malware Analysis Sandbox
14. EMEA malware trends
15. Cerber ransomware campaign analysis
16. Firefox closer to sandboxing
17. Disclosing email address for each Facebook user
18. TrickBot analysis and history
19. New ATM malware analysis
20. GnuPG ElGamal signature private key disclosure
21. Skype’s trouble with malicious account blocking
22. Hacking users via phone number takeover
23. Analysis of Linux Rakos botnet
24. Conclusions from a year of security incident response
25. Challenges of hacking complex systems
26. Extracting data from iOS devices in real time
27. Fighting with webshells
28. Huge false video ads views campaign
29. Trouble with 2FA
30. Cheap and efficient honeytraps
31. Why using Tor is risky
32. Nuclear bot analysis
33. Easy testing of cryptographic libraries
34. Detecting rapid spam campaigns
35. Bruteforcing eluding volumetric detection
36. Microsoft’s 2FA analysis
37. Google’s 2FA analysis
38. Android banker trojan also encrypting files
39. Alleged Paypal 2FA bypass
40. [PDF] SS7 attacks
41. Analysis of Tordov campaign
42. Building a small Raspberry Pi honeypot
43. Fareit campaign analysis
44. Shadow Brokers return analysis and another one and third one
45. Big analysis of Shadow Brokers: part 1, 2 and 3
46. [PDF] Using GPOs for persistence and lateral movement
47. Bypassing Exploit protection of NORTON Security
48. Bayrob botnet analysis
49. Polymorphic encryption algorythms
50. RCE in Oracle’s Hotel Management Platform
51. Webshell incident analysis
52. Spearphishing on industrial companies
53. Hardening iOS against jailbreaks and malware

Did you enjoy this list? You can retweet it and subscribe to one of our feeds on Twitter, Facebook or RSS.