IT Security Weekend Catch Up – July 15, 2017

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Forged document identified because of font used 
  2. Mining bitcoins on a bank server
  3. How the USA got their hands on ISIS key database
  4. Shaltai Boltai head sentenced to two years in prison
  5. How the .SK domain was stolen
  6. Canadian company pays $425k to recover from ransomware attack
  7. Kaspersky’s trouble in the USA
  8. Symantec considers selling certificate business

For the more technical

  1. NotPetya
    1. MEDoc authors knew about prior attacks
    2. Details of the MEDoc incident
    3. Analysis of the MEDoc backdoor
    4. Analysis of NotPetya spreading code
    5. [PDF] BitDefender analysis
    6. NotPetya based on stolen code
    7. Similarities between NotPetya and BlackEnergy
    8. BlackEnergy presentation from VB2016
    9. Another ransomware deployed on the same day
    10. Excellent reporting on the attack in Ukraine
    11. A chance for partial data recovery
    12. Petya ransomware history
    13. NotPetya’s behaviour if Kaspersky is detected
  2. Step by step malware analysis
  3. Brian Krebs and another cybercriminal
  4. Attacks on independent Chinese language news portals
  5. NTLM vulnerabilities
  6. MongoDB security risks
  7. Reverse engineering a CS:GO cheat engine
  8. Obfuscation used in targeted attacks
  9. BIND9 vulnerability
  10. [PDF] Key leak in Libgcrypt
  11. systemd vulnerability
  12. .feedback domain extortions
  13. Reasons why some organisations can’t just patch
  14. Sniffing TLS traffic target via SNI
  15. How to get added to the GitLab repo
  16. Lenovo Vibe phone vulnerabilities
  17. SSL certificates revocation issues
  18. Keyloggers in Windows
  19. Phone switch hackers caught
  20. [PDF] Avoiding AV products during phishing testing
  21. Vulnerabilities in a vibrator app
  22. Attacks against nuclear plants support
  23. Fixing a 1988 game
  24. What can be extracted from a mobile cloud backup
  25. Defending your website with ZIP bombs
  26. Netgear vulnerability used to build a botnet
  27. Analysis of a custom malware packer
  28. Old Petya key released
  29. Vulnerabilities are not reported to Apple
  30. Vulnerability in audit software
  31. Attack via SIM card takeover
  32. Apache Struts vulnerability
  33. Satphones real time decryption attacks
  34. Amazon S3 buckets search tool
  35. Analysis of obfuscated RTF files
  36. How CNN identified an internet troll
  37. SQLi in WP Statistics
  38. Azure network security whitepaper
  39. Intel Boot Guard description
  40. Attacking EMET
  41. Sabre data leak
  42. Intel Skylake bug
  43. Drupal spam attacks
  44. New KONNI campaign
  45. Bitscout – remote forensics tool
  46. Exploiting a heap overflow in VMWare
  47. Broadpwn
    1. Attack description
    2. Attack analysis
    3. Android patches
    4. Broadpwn attack continued
  48. Blind XXE analysis
  49. [PDF] GPU attacks
  50. ETERNAL SYNERGY exploit analysis
  51. Serious vulnerability in multiple Kerberos implementations
  52. AWS S3 access management mistakes
  53. Attacks on new WordPress installs
  54. Hardware reverse engineering
  55. Private keys found on webservers
  56. ShadowBrokers transactions analysis
  57. Swiss domains hijacking
  58. Winnti operations analysis
  59. Oracle 10g session hijacking
  60. Framework to identify vulnerabilities in home routers
  61. Uber SSO bypass
  62. Two factor authentication problems
  63. Taking over all .IO domains
  64. Tor hosting hacked
  65. Rootnik analysis part 1, 2 and 3
  66. Interesting analysis of Guccifer 2.0 leak
  67. New AdWind campaign
  68. Struts 2 vulnerability analysis
  69. Chrome plugins bought to turn into adware
  70. Interesting micropatching example

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
