Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Security culture, the Dropbox way
- Law firms send ads to patients’ phones inside ERs
- Hacker defaces Ticketfly’s website, steals customer database
- A network of fake carding sites
- Two Canadian banks warn attackers may have stolen customer data
- Mexico foiled a $110 million bank heist, then kept it a secret
- Scammers raid man’s bank account while he waits on hold to fraud hotline
- People use Venmo to spy on cheating spouses
- How spies can use your cellphone to find you – and eavesdrop on your calls and texts too
- How a hacker proved cops used a secret government phone tracker to find him
- Bitcoin backlash as ‘miners’ suck up electricity, stress power grids in Central Washington
- How WIRED Lost $100,000 in Bitcoin
- French teens arrested for hacking Vevo, defacing Despacito music video
- Ohio prison inmates pirated movies and built computers from spare parts
- Russia-connected hacker sentenced to 5 years in U.S. prison
- Top-managers of Rosneft and LUKoil detained in case of gasoline underfill at petrol stations
- How the fight against child porn took two ordinary men to the internet’s darkest corners
- Crime on the dark web: law enforcement coordination is the only cure
- Elaborate kidnapping scam targets Chinese, Taiwanese university students in Australia
- How kidnapping insurance keeps a lid on ransom inflation
- The serial killer as a marketing genius
For the more technical
- New banking trojan MnuBot
- TrickBot operators rapidly adopt “plugin” for delivery
- NavRAT uses US-North Korea summit as decoy for attacks in South Korea
- High level overview of a malicious Perl bot
- How researchers were looking for packaged PowerShell malware
- Remediating the may 2018 Git security vulnerability
- Getting root access on all Shopify instances via SSRF
- A remote code execution vulnerability in the Steam client
- reCAPTCHA bypass via HTTP Parameter Pollution
- “Drupalgeddon2” recent developments
- QRadar remote command execution
- Multiple vulnerabilities in Schneider Electric Floating License Manager
- Serious vulnerabilities in TELEM-GW6/GWM data concentrators
- ForgotDoor: routers in Singapore give complete access to IoT attackers
- Cobalt hacking group still active despite leader’s arrest
- Softbank’s ‘Pepper’ robot is a security joke (PDF)
- APT28 rollercoaster: the lowdown on hijacked LoJack
- Covelitte compromises networks associated with civilian electric energy
- An alert on two malware associated with North Korea-linked APT Hidden Cobra
- Rig Exploit Kit now using CVE-2018-8174 to deliver Monero miner
- 2018 Fraud World Cup
- The cyberphysical risks of wearable gadgets
- Widespread Google Groups misconfiguration exposes sensitive data + more information
- Side-channel attacking browsers through CSS3 features
- SMiShing with punycode
- Only an Electron away from code execution
- Practical DMA attack on Windows 10
- WhatsApp Business acquisition guide
- Apple collect browsing history in a hidden log
- Environmently friendly reverse engineering
- Demystifying Android physical acquisition
- Encrypting for Apple’s Secure Enclave
- Oracle plans to drop Java serialization support, the source of most security bugs
- Pwned Passwords in practice: real world examples of blocking the worst passwords
- Google Pixel 2 devices implement insider attack resistance
- Remote authentication GeoFeasibility tool – GeoLogonalyzer
- iOS 11.4.1 Beta: USB Restricted Mode has arrived
- A outage on 1.1.1.1 resolver service
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – June 3, 2018”