Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Security culture, the Dropbox way
- Law firms send ads to patients’ phones inside ERs
- Hacker defaces Ticketfly’s website, steals customer database
- A network of fake carding sites
- Two Canadian banks warn attackers may have stolen customer data
- Mexico foiled a $110 million bank heist, then kept it a secret
- Scammers raid man’s bank account while he waits on hold to fraud hotline
- People use Venmo to spy on cheating spouses
- How spies can use your cellphone to find you – and eavesdrop on your calls and texts too
- How a hacker proved cops used a secret government phone tracker to find him
- Bitcoin backlash as ‘miners’ suck up electricity, stress power grids in Central Washington
- How WIRED Lost $100,000 in Bitcoin
- French teens arrested for hacking Vevo, defacing Despacito music video
- Ohio prison inmates pirated movies and built computers from spare parts
- Russia-connected hacker sentenced to 5 years in U.S. prison
- Top-managers of Rosneft and LUKoil detained in case of gasoline underfill at petrol stations
- How the fight against child porn took two ordinary men to the internet’s darkest corners
- Crime on the dark web: law enforcement coordination is the only cure
- Elaborate kidnapping scam targets Chinese, Taiwanese university students in Australia
- How kidnapping insurance keeps a lid on ransom inflation
- The serial killer as a marketing genius
For the more technical
- New banking trojan MnuBot
- TrickBot operators rapidly adopt “plugin” for delivery
- NavRAT uses US-North Korea summit as decoy for attacks in South Korea
- High level overview of a malicious Perl bot
- How researchers were looking for packaged PowerShell malware
- Remediating the may 2018 Git security vulnerability
- Getting root access on all Shopify instances via SSRF
- A remote code execution vulnerability in the Steam client
- reCAPTCHA bypass via HTTP Parameter Pollution
- “Drupalgeddon2” recent developments
- QRadar remote command execution
- Multiple vulnerabilities in Schneider Electric Floating License Manager
- Serious vulnerabilities in TELEM-GW6/GWM data concentrators
- ForgotDoor: routers in Singapore give complete access to IoT attackers
- Cobalt hacking group still active despite leader’s arrest
- Softbank’s ‘Pepper’ robot is a security joke (PDF)
- APT28 rollercoaster: the lowdown on hijacked LoJack
- Covelitte compromises networks associated with civilian electric energy
- An alert on two malware associated with North Korea-linked APT Hidden Cobra
- Rig Exploit Kit now using CVE-2018-8174 to deliver Monero miner
- 2018 Fraud World Cup
- The cyberphysical risks of wearable gadgets
- Widespread Google Groups misconfiguration exposes sensitive data + more information
- Side-channel attacking browsers through CSS3 features
- SMiShing with punycode
- Only an Electron away from code execution
- Practical DMA attack on Windows 10
- WhatsApp Business acquisition guide
- Apple collect browsing history in a hidden log
- Environmently friendly reverse engineering
- Demystifying Android physical acquisition
- Encrypting for Apple’s Secure Enclave
- Oracle plans to drop Java serialization support, the source of most security bugs
- Pwned Passwords in practice: real world examples of blocking the worst passwords
- Google Pixel 2 devices implement insider attack resistance
- Remote authentication GeoFeasibility tool – GeoLogonalyzer
- iOS 11.4.1 Beta: USB Restricted Mode has arrived
- A outage on 1.1.1.1 resolver service
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – June 3, 2018”