IT Security Weekend Catch Up – January 20, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Massive Oklahoma government data leak exposes 7 years of FBI investigations + more information
  2. Hacked Instagram influencers rely on white-hat hackers to get their accounts back
  3. Facebook’s Sputnik takedown – in depth
  4. The history of Ashiyane: Iran’s first security forum
  5. Microsoft’s fonts catch out another fraudster – this time in Canada
  6. “Stole $24 million but still can’t keep a friend”
  7. Courts hand down hard jail time for DDoS

For the more technical

  1. Researcher warns of weak SCP security after discovering vulnerabilities
  2. Oracle Critical Patch Update advisory – January 2019
  3. Unpatched vCard flaw could let attackers hack your Windows PCs
  4. Vulnerability deep dive: TP-Link TL-R600VPN remote code execution vulnerabilities
  5. Flaw in Telegram reveals awful opsec from malware author
  6. Fortnite’s vulnerability: Only the secure survive
  7. Popular WordPress plugin hacked by angry former employee
  8. Researcher shows how popular app ES File Explorer exposes Android device data
  9. Z-WASP vulnerability used to phish Office 365 and ATP
  10. Exposed JIRA server leaks NASA staff and project data
  11. Flaws in Amadeus’ airline booking system made it easy to change passenger records
  12. VOIPO.com data leak
  13. The 773 million record “Collection #1” data breach
  14. 773M password ‘megabreach’ is years old
  15. We tested 5 popular web hosting companies & all were easily hacked
  16. Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell
  17. Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi
  18. Multiple zero-days in PremiSys IDenticard access control system + more information
  19. Vulnerabilities in Schneider Electric industrial solutions
  20. Demonstrating command injection and e-stop abuse against industrial radio remote controllers (PDF)
  21. Hackers take control of giant construction cranes
  22. Disclosure of Chilean Redbanc intrusion leads to Lazarus ties
  23. New Magecart attack delivered through compromised advertising supply chain
  24. New year, same Magecart: The continuation of web-based supply chain attacks
  25. A nasty trick: From credential theft malware to business disruption
  26. Big game hunting with Ryuk: Another lucrative targeted ransomware
  27. Emotet re-emerges after the holidays
  28. Phishing campaigns are manipulating the Windows Control Panel extension to deliver banking trojans
  29. Cisco Talos releases PyLocky ransomware decryptor
  30. Eight months after discovery, unkillable LoJax rootkit campaign remains active
  31. What we learned by unpacking a recent wave of Imminent RAT infections using AMP
  32. The Vjw0rm malware does it all. Here’s what to watch for
  33. A malicious JPEG + second example
  34. Distribution of malicious JAR appended to MSI files signed by third parties
  35. Google Play apps drop Anubis banking malware, use motion-based evasion tactics
  36. Malware found preinstalled on some Alcatel smartphones
  37. Trisis investigator says Saudi plant outage could have been prevented
  38. Global DNS hijacking campaign: DNS record manipulation at scale
  39. Detecting drones via network traffic analysis (PDF)
  40. How to find hidden cameras & spy gear like a professional
  41. The curious case of the Raspberry Pi in the network closet
  42. Criminal intelligence – manual for analysts (PDF)
  43. Remarkable talks from 35C3
  44. Using factory access mode for imaging SSD drives
  45. Google Earth reverse engineering
  46. The (almost) secret algorithm researchers used to break thousands of RSA keys
  47. Phishing NG. Bypassing 2FA with Modlishka + source code
  48. New tool automates phishing attacks that bypass 2FA
  49. NFC payments: Relay attacks with LoRa
  50. Oversec with “Eye-to-Eye” encryption
  51. Be careful of data without context: The case of malware scanning of journaled emails

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
