Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- U.S. escalates online attacks on Russia’s power grid
- Iran says it dismantled a U.S. cyber espionage network
- Pentagon secretly struck back against Iranian cyberspies targeting U.S. ships
- FBI agent accidentally reveals own 8chan posts; attempts to redirect white supremacist rage against Russia
- Cellebrite says it can unlock any iPhone for cops
- Prisons are banning books that teach prisoners how to code
- Colorado man indicted on racketeering charges related to darknet marketplace AlphaBay
- Quadriga founder transferred clients’ cryptocurrency to his own personal accounts
- Remove password masking
- Google and Facebook on web privacy
- In stores, secret Bluetooth surveillance tracks your every move
For the more technical
- Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues
- Multiple 0-day vulnerabilities in Mozilla Firefox exploited in the wild
- Firefox 0-day drops a macOS backdoor
- Firefox 0-day was used in attack against Coinbase employees, not its users
- Fortinet FortiCam FCM-MB40 – multiple vulnerabilities
- Buyer beware: Used Nest cams can let people spy on you
- Millions of Dell PCs vulnerable to flaw in third-party component
- Buffer overflow vulnerability in TP-Link routers can allow remote attackers to take control
- How a single coffee maker’s vulnerabilities symbolize a world of IoT risks (PDF)
- Critical vulnerabilities patched in Cisco SD-WAN, DNA Center products
- Oracle patches actively-exploited WebLogic 0-day + additional information
- Double free vulnerability in Apple macOS lets attackers execute arbitrary code
- About a Sucuri RCE… and how not to handle bug bounty reports
- Chaining three bugs to get RCE in Microsoft AttackSurfaceAnalyzer
- CPR-Zero: The Check Point research vulnerability repository
- Clickjacking on Google MyAccount worth 7,500$
- WeTransfer shared its users’ files with the wrong people
- Beware! Playing untrusted videos on VLC player could hack your computer
- A rogue Raspberry Pi let hackers into NASA’s JPL network
- Spoofing Presidental alerts
- Malware sidesteps Google permissions policy with new 2FA bypass technique
- Cryptocurrency-mining botnet malware arrives through ADB and spreads through SSH
- Ransomware gang hacks MSPs to deploy ransomware on customer systems
- Good riddance, GandCrab! We’re still fixing the mess you left behind
- Platinum hacking group strikes again
- Mobile cyberespionage campaign ‘Bouncing Golf’ affects Middle East
- Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers
- A threat actor encyclopedia listing APT groups (PDF)
- Iranian hackers launch a new US-targeted campaign as tensions mount
- The technical computer security practices of cyber criminals (PDF)
- DHS email phishing scam
- Not-so-dear subscribers
- Application “Czech Public Transport IDOS” leaks your location, password & email address
- Firefox Monitor warns you if your online accounts were involved in a known data breach
- A look at how LinkedIn exfiltrates extension data from your browser
- Gmail confidential mode is not secure or private
- New Chrome protections from deception
- Physical attacks on cash machines: why an armour isn’t enough (PDF)
- Apple TV and Apple Watch forensics: Acquisition
- The most unusual things about iPhone backups
- Hacking IDA Pro installer PRNG from an unusual way
- Trinity: PSP emulator escape
- How to get caught by Fallout’s anti-cheat
- Secret messages from the CD Projekt RED
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.