Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- YouTube’s blocks MIT courses, Blender videos, and more
- Confessions of a Disk Cracker: the secrets of 4am
- Nigerian Prince Scam took $110K from Kansas man; 10 years later, he’s getting it back
- French authorities shut down Darknet market Black Hand
- Ex-CIA employee charged in major leak of agency hacking tools
- When a cold case is solved, why can’t internet sleuths move on?
- Vendors, disclosure, and a bit of WebUSB madness
- Inside the private event where Microsoft, Google and other rivals share security secrets
- A security rebel turned pen tester
- OVH bug bounty retex
- The risk of insider threats for organisations
For the more technical
- [VIDEO] Steal messages from Signal using RCE
- [VIDEO] Area41 security conference 2018
- [VIDEO] Botconf 2017 talks
- Only 26% of researched security vulnerabilities are resolved
- Evil teacher: code injection in Moodle
- AWS privilege escalation – methods and mitigation
- Using a GitHub app to escalate to an organization owner for a $10,000 bounty
- Unrestricted file upload at Apple.com
- CVE-2018-4990 Acrobat Reader DC double-free vulnerability
- Deserialization vulnerabilities: attacking deserialization in JS
- A browser security bug
- Exfiltrating data from the browser using battery discharge information
- Setting arbitrary request headers in Chromium via CRLF injection
- Safari based jailbreak demoed running iOS 12 Beta and iOS 11.4 on iPhone
- Detecting kernel memory disclosure (PDF)
- Cisco patches critical flaws in NX-OS software
- Dangerous vulnerabilities fixed in Siemens routers and switches
- The case of a hacked baby monitor
- Someone is taking over insecure cameras and spying on device owners
- Google to fix location data leak in Google Home, Chromecast
- Attacking private networks from the Internet with DNS Rebinding
- Gaming companies remove analytics app after massive user outcry
- A malicious, encrypted Excel document
- Olympic Destroyer is still alive
- Thrip: espionage group hits satellite, telecoms, and defense companies
- The old and new: current trends in web-based threats
- Malware analysis report: North Korean trojan TypeFrame
- Cisco Talos has been tracking a new campaign involving the FormBook malware
- Malicious JavaScript targeting mobile browsers
- Red Alert v2.0: misadventures in reversing Android bot malware
- New Telegram-abusing Android RAT discovered in the wild
- Drupal vulnerability exploited to deliver Monero-mining malware
- Thousands of Internet cafe computers “poisoned” with Siacoin miners
- Netflix phishing goes TLS
- ZeroFont phishing: manipulating font size to get past Office 365 security
- Necurs poses a new challenge using Internet Query file
- Using the Office 365 Activities API to investigate Business Email Compromises
- Call center fraudsters – voice morphing, social engineering, and the need for authentication
- Launching VirusTotal Monitor, a service to mitigate false positives
- New Hashcat cheat sheet
- Better biometrics in Android P
- Breaking deeper into iPhone secrets
- ‘Stealth sheet’ hides hot objects from prying infrared eyes
- Digital Key standard uses your phone to unlock your car
- Password storage disclosures
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – June 24, 2018”