IT Security Weekend Catch Up Holiday Edition – December 25, 2016

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

Less technical content

  1. Lithuania confirms finding Russian spyware on government computers
  2. Suspected cyberattack on Ukrainian power grid (plus second article)
  3. History of Citizen Lab
  4. Declassified report alleges Snowden keeps ties with Russian intel
  5. Who killed a Hamas engineer in Tunisia
  6. France creates cyber command
  7. Trading in phone cracking technology
  8. Stealing cars with data from service centers
  9. Accountants and spies: The secret history of Deloitte’s espionage practice
  10. LeakedSource history
  11. Facebook moderation rules
  12. A perspective on the new Dutch intelligence law
  13. A fake charity spying on activists

More technical content

  1. Traces of KillDisk attack on a Ukrainian government website
  2. [PDF] Cross-origin bypass-attack on Facebook Messenger
  3. Evading antivirus without being a wizard
  4. Making a rootkit
  5. Tool to obfuscate exfiltrated data
  6. Hacking in-flight entertainment systems and Panasonic’s comment
  7. Russians infecting Ukrainian artillery units:
    1. detailed findings of CrowdStrike
    2. Ukrainian soldiers rather use tablets without internet connectivity
    3. most artillery losses took place before the app was infected
    4. on VT only Kaspersky provided detection for infected APK
    5. some comments
    6. more critical comments
  8. Free anti-ransomware app
  9. [PDF] Nuclear Threat Initiative cybersecurity report
  10. Tofsee spambot analysis
  11. Hacking C&C botnet panels
  12. Bugs in Cisco CloudCenter Orchestrator
  13. Noriben – Portable, Simple, Malware Analysis Sandbox
  14. EMEA malware trends
  15. Cerber ransomware campaign analysis
  16. Firefox closer to sandboxing
  17. Disclosing email address for each Facebook user
  18. TrickBot analysis and history
  19. New ATM malware analysis
  20. GnuPG ElGamal signature private key disclosure
  21. Skype’s trouble with malicious account blocking
  22. Hacking users via phone number takeover
  23. Analysis of Linux Rakos botnet
  24. Conclusions from a year of security incident response
  25. Challenges of hacking complex systems
  26. Extracting data from iOS devices in real time
  27. Fighting with webshells
  28. Huge campaign of fake video ad views
  29. Trouble with 2FA
  30. Cheap and efficient honeytraps
  31. Why using Tor is risky
  32. Nuclear bot analysis
  33. Easy testing of cryptographic libraries
  34. Detecting rapid spam campaigns
  35. Brute-forcing that eludes volumetric detection
  36. Microsoft’s 2FA analysis
  37. Google’s 2FA analysis
  38. Android banker trojan also encrypting files
  39. Alleged PayPal 2FA bypass
  40. [PDF] SS7 attacks
  41. Analysis of Tordov campaign
  42. Building a small Raspberry Pi honeypot
  43. Fareit campaign analysis
  44. Shadow Brokers return analysis and another one and third one
  45. Big analysis of Shadow Brokers: part 1, 2 and 3
  46. [PDF] Using GPOs for persistence and lateral movement
  47. Bypassing Exploit protection of NORTON Security
  48. Bayrob botnet analysis
  49. Polymorphic encryption algorithms
  50. RCE in Oracle’s Hotel Management Platform
  51. Webshell incident analysis
  52. Spearphishing on industrial companies
  53. Hardening iOS against jailbreaks and malware

Did you enjoy this list? You can retweet it and subscribe to one of our feeds on Twitter, Facebook or RSS.
