Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Massive Oklahoma government data leak exposes 7 years of FBI investigations + more information
- Hacked Instagram influencers rely on white-hat hackers to get their accounts back
- Facebook’s Sputnik takedown - in depth
- The history of Ashiyane: Iran's first security forum
- Microsoft’s fonts catch out another fraudster - this time in Canada
- “Stole $24 million but still can’t keep a friend”
- Courts hand down hard jail time for DDoS
For the more technical
- Researcher warns of weak SCP security after discovering vulnerabilities
- Oracle Critical Patch Update advisory - January 2019
- Unpatched vCard flaw could let attackers hack your Windows PCs
- Vulnerability deep dive: TP-Link TL-R600VPN remote code execution vulnerabilities
- Flaw in Telegram reveals awful opsec from malware author
- Fortnite’s vulnerability: Only the secure survive
- Popular WordPress plugin hacked by angry former employee
- Researcher shows how popular app ES File Explorer exposes Android device data
- Z-WASP vulnerability used to phish Office 365 and ATP
- Exposed JIRA server leaks NASA staff and project data
- Flaws in Amadeus’ airline booking system made it easy to change passenger records
- VOIPO.com data leak
- The 773 million record "Collection #1" data breach
- 773M password ‘megabreach’ is years old
- We tested 5 popular web hosting companies & all were easily hacked
- Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell
- Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi
- Multiple zero-days in PremiSys IDenticard access control system + more information
- Vulnerabilities in Schneider Electric industrial solutions
- Demonstrating command injection and e-stop abuse against industrial radio remote controllers (PDF)
- Hackers take control of giant construction cranes
- Disclosure of Chilean Redbanc intrusion leads to Lazarus ties
- New Magecart attack delivered through compromised advertising supply chain
- New year, same Magecart: The continuation of web-based supply chain attacks
- A nasty trick: From credential theft malware to business disruption
- Big game hunting with Ryuk: Another lucrative targeted ransomware
- Emotet re-emerges after the holidays
- Phishing campaigns are manipulating the Windows Control Panel extension to deliver banking trojans
- Cisco Talos releases PyLocky ransomware decryptor
- Eight months after discovery, unkillable LoJax rootkit campaign remains active
- What we learned by unpacking a recent wave of Imminent RAT infections using AMP
- The Vjw0rm malware does it all. Here’s what to watch for
- A malicious JPEG + second example
- Distribution of malicious JAR appended to MSI files signed by third parties
- Google Play apps drop Anubis banking malware, use motion-based evasion tactics
- Malware found preinstalled on some Alcatel smartphones
- Trisis investigator says Saudi plant outage could have been prevented
- Global DNS hijacking campaign: DNS record manipulation at scale
- Detecting drones via network traffic analysis (PDF)
- How to find hidden cameras & spy gear like a professional
- The curious case of the Raspberry Pi in the network closet
- Criminal intelligence - manual for analysts (PDF)
- Remarkable talks from 35C3
- Using factory access mode for imaging SSD drives
- Google Earth reverse engineering
- The (almost) secret algorithm researchers used to break thousands of RSA keys
- Phishing NG. Bypassing 2FA with Modlishka + source code
- New tool automates phishing attacks that bypass 2FA
- NFC payments: Relay attacks with LoRa
- Oversec with "Eye-to-Eye" encryption
- Be careful of data without context: The case of malware scanning of journaled emails
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments