IT Security Weekend Catch Up – July 21, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. How Assange turned an embassy into a command post for election meddling
  2. Hackers reported that they have broken the Bulgarian databases with information about millions of citizens + more information
  3. Slack resets passwords for 1% of its users because of 2015 hack
  4. QuickBooks cloud hosting firm iNSYNQ hit in ransomware attack
  5. Hackers breach FSB contractor, expose Tor deanonymization project and more
  6. Ukrainian hacker arrested after allegedly providing bulletproof hosting to Russian security
  7. Meet the world’s biggest ‘bulletproof’ hoster
  8. Alleged KickassTorrents founder continues to fight US extradition
  9. Ex-Microsoft dev used test account to swipe $10m in tech giant’s own store credits
  10. Police thought they beat the Darknet drug markets – they didn’t
  11. Was Bitcoin created by this international drug dealer? Maybe!
  12. Party like a Russian, carder’s edition
  13. The one company I gave my address to won’t delete it
  14. This app lets your Instagram followers track your location
  15. Health insurers make it easy for scammers to steal millions. Who pays? You
  16. Stream-rippers successfully counter YouTube’s blocking efforts
  17. New cyberthreats require new ways to protect democracy
  18. Office 365 declared illegal in German schools due to privacy risks
  19. MITM on all HTTPS traffic in Kazakhstan
  20. Crashed UAE military spy satellite raises possibility of enemy cyberattack
  21. Galileo is back – still little info from GSA

For the more technical

  1. Oracle Critical Patch Update Advisory – July 2019
  2. Reading ASP secrets for $17,000
  3. Vulnerable firmware in the supply chain of enterprise servers
  4. Industry response to the BlueKeep vulnerability
  5. RCE exploit for ZTE H368N/H369A modems
  6. Dangerous vulnerability in the IGSS system
  7. Dangerous vulnerabilities in Siemens TIA Administrator, SIMATIC WinCC and PCS7
  8. Attacking SSL VPN: PreAuth RCE on Palo Alto GlobalProtect, with Uber as case study
  9. Cracking my windshield and earning $10,000 on the Tesla Bug Bounty Program
  10. New anesthesia machine vulnerability disclosure tells a bigger story
  11. A GPS safety tracker is spectacularly unsafe + more information
  12. Drupal patches critical bug that lets hackers take over sites
  13. Airline check-in bug may have exposed all y’all boarding passes to spies
  14. Account takeover on Airbnb acquisition
  15. How I could have hacked any Instagram account
  16. Hacking into Tinder’s premium model
  17. Academics steal data from air-gapped systems via a keyboard’s LEDs
  18. Facebook is embedding tracking data inside the photos you download
  19. Attackers can manipulate your WhatsApp and Telegram media files
  20. Malicious ‘MobonoGram 2019’ app found infecting users in Iran, Russian and the US
  21. Ursnif – a polymorphic delivery mechanism explained
  22. Metamorfo banking malware hides by abusing Avast executable
  23. Hong Kong based malvertiser brokers traffic to fake antivirus scams
  24. Turla renews its arsenal with Topinambour
  25. BitPaymer ransomware leveraging new custom packer framework against targets across the U.S.
  26. BitPaymer source code fork: Meet DoppelPaymer ransomware and Dridex 2.0
  27. FBI releases master decryption keys for GandCrab ransomware
  28. Is ‘REvil’ the new GandCrab ransomware?
  29. Old tools for new money: URL spreading Shellbot and XMRig using 17-year old XHide
  30. Declining APT34’s invite to join their professional network
  31. SWEED: Exposing years of Agent Tesla campaigns
  32. Ke3chang group targets diplomatic missions
  33. This phishing attacker takes American Express—and victims’ credentials
  34. MyDashWallet compromised for two months, wallet keys taken
  35. How Google legally profits from massive fraud on its platform (and what you can do about it)
  36. My browser, the spy: How extensions slurped up browsing histories from 4M users
  37. Investigating sources of PII used in Facebook’stargeted advertising (PDF)
  38. Tracking anonymized Bluetooth devices (PDF)
  39. An analysis of WeChat’s realtime image filtering in chats
  40. Auxiliary Loss Optimization for Hypothesis Augmentation for DGA domain detection
  41. More on trust records, macros and security
  42. Google: Bigger rewards for security bugs

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *