IT Security Weekend Catch Up – July 6, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. Server image mystery in Georgia election security case
2. YouTube mystery ban on hacking videos has content creators puzzled
3. GDPR Enforcement Tracker
4. Four in 10 North American banks non’t use EV certificates
5. Lloyd’s of London calls for cyber cover clarity in insurance policies
6. Former Equifax exec gets 4 months in prison for insider trading after breach
7. Utah man sentenced for computer hacking crime
8. Eurofins Scientific: Forensic services firm paid ransom after cyber-attack
9. Florida city fires IT employee after paying ransom demand last week
10. 7-Eleven Japanese customers lose $500,000 due to mobile app flaw
11. Over $800,000 stolen by scammers in Atlanta area city BEC fraud
12. This Bitcoin money-laundering cartel was operating from inside a Florida prison
13. China is forcing tourists to install text-stealing malware at its border
14. Google’s Jigsaw was supposed to save the Internet. Behind the scenes, it became a toxic mess
15. How Amazon and the cops set up an elaborate sting operation that accomplished nothing
16. The simple way Apple and Google let domestic abusers stalk victims
17. Which smart bulbs should you buy (from a security perspective)
18. Pirates: So you want to join ‘The Scene’?

For the more technical

1. How we hacked our colleague’s smart home
2. Orvibo smart home devices leak billions of user records
3. Android Security Bulletin—July 2019
4. Tens of VMware products affected by SACK Panic and SACK Slowness flaws
5. Breaking & entering with Zipato smart hubs
6. Unfixable seed extraction on Trezor – a practical and reliable attack
7. Centreon v19.04 remote code execution (CVE-2019-13024)
8. Exploit using Microsoft Excel Power Query for remote DDE execution discovered
9. Windows privilege escalation via AlwaysInstallElevated technique
10. Cloudflare outage caused by bad software deploy
11. Magento 2.3.1: Unauthenticated stored XSS to RCE
12. A great show is now history, as is its insecure mobile app
13. File-storage app 4shared caught serving invisible ads and making purchases without consent
14. Cybersecurity of NATO’s space-based strategic assets
15. Hackers hijacked VR chatrooms to manipulate users’ reality
16. Malware development – welcome to the Dark Side [1], [2-1], [2-2], [3], [4]
17. The commoditization of ATM malware in the cybercriminal underground
18. Monero security flaw could’ve seen XMR stolen from cryptocurrency exchanges
19. Sodin ransomware exploits Windows vulnerability and processor architecture
20. First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
21. An analysis of Godlua backdoor
22. RATs and stealers rush through “Heaven’s Gate” with new loader
23. A further look at the”Silentbruter” malware – Internal folder structures revealed
24. New Dridex variant evading traditional antivirus
25. New record in 2019: Emotet now has over 30.000 variants and counting
26. New triple-threat mobile version of the malware WannaLocker targets banks in Brazil
27. “Updates for Samsung” — from a blog to an Android advertisement revenue goldmine of 10,000,000+ users
28. Operation Tripoli
29. TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States
30. Ratsnif – new network Vermin from OceanLotus
31. ‘Silence’ hackers hit banks in Bangladesh, India, Sri Lanka, and Kyrgyzstan
32. Multiple chinese threat groups exploiting CVE-2018-0798 equation editor vulnerability
33. MFSocket: A Chinese surveillance tool
34. A better zip bomb
35. You (probably) don’t need ReCAPTCHA
36. OpenID Foundation says ‘Sign In with Apple’ is not secure enough

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.