IT Security Weekend Catch Up – June 22, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. U.S. escalates online attacks on Russia’s power grid
  2. Iran says it dismantled a U.S. cyber espionage network
  3. Pentagon secretly struck back against Iranian cyberspies targeting U.S. ships
  4. FBI agent accidentally reveals own 8chan posts; attempts to redirect white supremacist rage against Russia
  5. Cellebrite says it can unlock any iPhone for cops
  6. Prisons are banning books that teach prisoners how to code
  7. Colorado man indicted on racketeering charges related to darknet marketplace AlphaBay
  8. Quadriga founder transferred clients’ cryptocurrency to his own personal accounts
  9. Remove password masking
  10. Google and Facebook on web privacy
  11. In stores, secret Bluetooth surveillance tracks your every move

For the more technical

  1. Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues
  2. Multiple 0-day vulnerabilities in Mozilla Firefox exploited in the wild
  3. Firefox 0-day drops a macOS backdoor
  4. Firefox 0-day was used in attack against Coinbase employees, not its users
  5. Fortinet FortiCam FCM-MB40 – multiple vulnerabilities
  6. Buyer beware: Used Nest cams can let people spy on you
  7. Millions of Dell PCs vulnerable to flaw in third-party component
  8. Buffer overflow vulnerability in TP-Link routers can allow remote attackers to take control
  9. How a single coffee maker’s vulnerabilities symbolize a world of IoT risks (PDF)
  10. Critical vulnerabilities patched in Cisco SD-WAN, DNA Center products
  11. Oracle patches actively-exploited WebLogic 0-day + additional information
  12. Double free vulnerability in Apple macOS lets attackers execute arbitrary code
  13. About a Sucuri RCE… and how not to handle bug bounty reports
  14. Chaining three bugs to get RCE in Microsoft AttackSurfaceAnalyzer
  15. CPR-Zero: The Check Point research vulnerability repository
  16. Clickjacking on Google MyAccount worth 7,500$
  17. WeTransfer shared its users’ files with the wrong people
  18. Beware! Playing untrusted videos on VLC player could hack your computer
  19. A rogue Raspberry Pi let hackers into NASA’s JPL network
  20. Spoofing Presidental alerts
  21. Malware sidesteps Google permissions policy with new 2FA bypass technique
  22. Cryptocurrency-mining botnet malware arrives through ADB and spreads through SSH
  23. Ransomware gang hacks MSPs to deploy ransomware on customer systems
  24. Good riddance, GandCrab! We’re still fixing the mess you left behind
  25. Platinum hacking group strikes again
  26. Mobile cyberespionage campaign ‘Bouncing Golf’ affects Middle East
  27. Nation-sponsored hackers likely carried out hostile takeover of rival group’s servers
  28. A threat actor encyclopedia listing APT groups (PDF)
  29. Iranian hackers launch a new US-targeted campaign as tensions mount
  30. The technical computer security practices of cyber criminals (PDF)
  31. DHS email phishing scam
  32. Not-so-dear subscribers
  33. Application “Czech Public Transport IDOS” leaks your location, password & email address
  34. Firefox Monitor warns you if your online accounts were involved in a known data breach
  35. A look at how LinkedIn exfiltrates extension data from your browser
  36. Gmail confidential mode is not secure or private
  37. New Chrome protections from deception
  38. Physical attacks on cash machines: why an armour isn’t enough (PDF)
  39. Apple TV and Apple Watch forensics: Acquisition
  40. The most unusual things about iPhone backups
  41. Hacking IDA Pro installer PRNG from an unusual way
  42. Trinity: PSP emulator escape
  43. How to get caught by Fallout’s anti-cheat
  44. Secret messages from the CD Projekt RED

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *