IT Security Weekend Catch Up – June 24, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. YouTube’s blocks MIT courses, Blender videos, and more
  2. Confessions of a Disk Cracker: the secrets of 4am
  3. Nigerian Prince Scam took $110K from Kansas man; 10 years later, he’s getting it back
  4. French authorities shut down Darknet market Black Hand
  5. Ex-CIA employee charged in major leak of agency hacking tools
  6. When a cold case is solved, why can’t internet sleuths move on?
  7. Vendors, disclosure, and a bit of WebUSB madness
  8. Inside the private event where Microsoft, Google and other rivals share security secrets
  9. A security rebel turned pen tester
  10. OVH bug bounty retex
  11. The risk of insider threats for organisations

For the more technical

  1. [VIDEO] Steal messages from Signal using RCE
  2. [VIDEO] Area41 security conference 2018
  3. [VIDEO] Botconf 2017 talks
  4. Only 26% of researched security vulnerabilities are resolved
  5. Evil teacher: code injection in Moodle
  6. AWS privilege escalation – methods and mitigation
  7. Using a GitHub app to escalate to an organization owner for a $10,000 bounty
  8. Unrestricted file upload at Apple.com
  9. CVE-2018-4990 Acrobat Reader DC double-free vulnerability
  10. Deserialization vulnerabilities: attacking deserialization in JS
  11. A browser security bug
  12. Exfiltrating data from the browser using battery discharge information
  13. Setting arbitrary request headers in Chromium via CRLF injection
  14. Safari based jailbreak demoed running iOS 12 Beta and iOS 11.4 on iPhone
  15. Detecting kernel memory disclosure (PDF)
  16. Cisco patches critical flaws in NX-OS software
  17. Dangerous vulnerabilities fixed in Siemens routers and switches
  18. The case of a hacked baby monitor
  19. Someone is taking over insecure cameras and spying on device owners
  20. Google to fix location data leak in Google Home, Chromecast
  21. Attacking private networks from the Internet with DNS Rebinding
  22. Gaming companies remove analytics app after massive user outcry
  23. A malicious, encrypted Excel document
  24. Olympic Destroyer is still alive
  25. Thrip: espionage group hits satellite, telecoms, and defense companies
  26. The old and new: current trends in web-based threats
  27. Malware analysis report: North Korean trojan TypeFrame
  28. Cisco Talos has been tracking a new campaign involving the FormBook malware
  29. Malicious JavaScript targeting mobile browsers
  30. Red Alert v2.0: misadventures in reversing Android bot malware
  31. New Telegram-abusing Android RAT discovered in the wild
  32. Drupal vulnerability exploited to deliver Monero-mining malware
  33. Thousands of Internet cafe computers “poisoned” with Siacoin miners
  34. Netflix phishing goes TLS
  35. ZeroFont phishing: manipulating font size to get past Office 365 security
  36. Necurs poses a new challenge using Internet Query file
  37. Using the Office 365 Activities API to investigate Business Email Compromises
  38. Call center fraudsters – voice morphing, social engineering, and the need for authentication
  39. Launching VirusTotal Monitor, a service to mitigate false positives
  40. New Hashcat cheat sheet
  41. Better biometrics in Android P
  42. Breaking deeper into iPhone secrets
  43. ‘Stealth sheet’ hides hot objects from prying infrared eyes
  44. Digital Key standard uses your phone to unlock your car
  45. Password storage disclosures

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *