IT Security Weekend Catch Up – July 13, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! Newsletter: Virtual Private Networks (PDF)
  2. German banks are moving away from SMS one-time passcodes
  3. Ransomware, BEC attacks strike government offices in the US Virgin Islands
  4. They paid nearly a half million in ransom. Where’s the data?
  5. Should governments pay extortion payments after a ransomware attack?
  6. Hackers breached Greece’s top-level domain registrar
  7. Bitpoint cryptocurrency exchange hacked for $32 million
  8. ICO statement: Intention to fine British Airways £183.39m under GDPR for data breach + more information
  9. UK watchdog plans to fine Marriott £99m
  10. A massive international email scam netted $3 million worth of top-secret US military equipment
  11. Banned Chinese security cameras are almost impossible to remove
  12. Hong Kong’s protesters put AirDrop to ingenious use to breach China’s Firewall
  13. Fugitive U.S. tech guru: Cryptocurrency is next Cuban revolution
  14. ‘Drugs in the mail’: Three in court over alleged Melbourne syndicate
  15. “Stranger Things” leaks suggest Netflix 4K may have been breached
  16. The Scene: Pirates ripping content from Amazon & Netflix
  17. The women who win hundreds of sweepstakes per year

For the more technical

  1. Zoom zero day: 4+ million webcams & maybe an RCE? Just get them to visit your website + more information
  2. Microsoft’s July 2019 Patch Tuesday + more information
  3. Microsoft stirs suspicions by adding telemetry files to security-only update
  4. Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
  5. Authentication bypass and arbitrary file upload on Cisco Data Center Network Manager
  6. Canonical GitHub account hacked, Ubuntu source code safe
  7. Archive cerver of Pale Moon open source browser hacked
  8. Two pentesters, one glitch: Firefox browser menaced by ancient file-snaffling bug, er, feature
  9. Nation-state hackers exploiting Outlook to deliver malware
  10. NewsBeef delivers Christmas presence
  11. Buhtrap group uses zero‑day in latest espionage campaigns
  12. Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
  13. Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil
  14. Backdoored torrents infect movie, TV fans with GoBot2 malware
  15. Backdoor found in Ruby library for checking for strong passwords + more information
  16. Hardcoded credentials in Uniguest kiosk software lead to API compromise
  17. New vulnerability in Schneider Electric Modicon PLCs
  18. How we seized 15 active ransomware campaigns targeting Linux file storage servers
  19. Who’s behind the GandCrab ransomware?
  20. Keeping the ‘kill switch’ alive is the only thing preventing another WannaCry outbreak
  21. Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack + more information
  22. New Miori variant uses unique protocol to communicate with C&C
  23. Magecart campaign breaches websites en masse via misconfigured Amazon S3 buckets
  24. Magento Killer: Malicious operations used to steal payment info
  25. Double duty: Dridex banking malware delivered with RMS RAT
  26. UK banking phish targets 2-factor information
  27. iOS URL scheme susceptible to hijacking
  28. Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping
  29. Investigating some subscription scam iOS apps
  30. New FinSpy iOS and Android implants revealed ITW
  31. More than 1,000 Android apps harvest data even after you deny permissions (PDF)
  32. Anubis Android malware returns with over 17,000 samples
  33. Hidden VPN owners unveiled: 97 VPN products run by just 23 companies
  34. Details of the Cloudflare outage on July 2, 2019
  35. Tor Project to fix bug used for DDoS attacks on Onion sites for years
  36. Bug bounty: how to win the race against black-hat hackers?
  37. Inside the MSRC – anatomy of a SSIRP incident
  38. The art of iPhone acquisition
  39. Grizzly browser fuzzing framework
  40. Seriously, stop using RSA

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *