IT Security Weekend Catch Up – June 3, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Security culture, the Dropbox way
  2. Law firms send ads to patients’ phones inside ERs
  3. Hacker defaces Ticketfly’s website, steals customer database
  4. A network of fake carding sites
  5. Two Canadian banks warn attackers may have stolen customer data
  6. Mexico foiled a $110 million bank heist, then kept it a secret
  7. Scammers raid man’s bank account while he waits on hold to fraud hotline
  8. People use Venmo to spy on cheating spouses
  9. How spies can use your cellphone to find you – and eavesdrop on your calls and texts too
  10. How a hacker proved cops used a secret government phone tracker to find him
  11. Bitcoin backlash as ‘miners’ suck up electricity, stress power grids in Central Washington
  12. How WIRED Lost $100,000 in Bitcoin
  13. French teens arrested for hacking Vevo, defacing Despacito music video
  14. Ohio prison inmates pirated movies and built computers from spare parts
  15. Russia-connected hacker sentenced to 5 years in U.S. prison
  16. Top-managers of Rosneft and LUKoil detained in case of gasoline underfill at petrol stations
  17. How the fight against child porn took two ordinary men to the internet’s darkest corners
  18. Crime on the dark web: law enforcement coordination is the only cure
  19. Elaborate kidnapping scam targets Chinese, Taiwanese university students in Australia
  20. How kidnapping insurance keeps a lid on ransom inflation
  21. The serial killer as a marketing genius

For the more technical

  1. New banking trojan MnuBot
  2. TrickBot operators rapidly adopt “plugin” for delivery
  3. NavRAT uses US-North Korea summit as decoy for attacks in South Korea
  4. High level overview of a malicious Perl bot
  5. How researchers were looking for packaged PowerShell malware
  6. Remediating the May 2018 Git security vulnerability
  7. Getting root access on all Shopify instances via SSRF
  8. A remote code execution vulnerability in the Steam client
  9. reCAPTCHA bypass via HTTP Parameter Pollution
  10. “Drupalgeddon2” recent developments
  11. QRadar remote command execution
  12. Multiple vulnerabilities in Schneider Electric Floating License Manager
  13. Serious vulnerabilities in TELEM-GW6/GWM data concentrators
  14. ForgotDoor: routers in Singapore give complete access to IoT attackers
  15. Cobalt hacking group still active despite leader’s arrest
  16. Softbank’s ‘Pepper’ robot is a security joke (PDF)
  17. APT28 rollercoaster: the lowdown on hijacked LoJack
  18. Covellite compromises networks associated with civilian electric energy
  19. An alert on two malware associated with North Korea-linked APT Hidden Cobra
  20. Rig Exploit Kit now using CVE-2018-8174 to deliver Monero miner
  21. 2018 Fraud World Cup
  22. The cyberphysical risks of wearable gadgets
  23. Widespread Google Groups misconfiguration exposes sensitive data + more information
  24. Side-channel attacking browsers through CSS3 features
  25. SMiShing with punycode
  26. Only an Electron away from code execution
  27. Practical DMA attack on Windows 10
  28. WhatsApp Business acquisition guide
  29. Apple collects browsing history in a hidden log
  30. Environmentally friendly reverse engineering
  31. Demystifying Android physical acquisition
  32. Encrypting for Apple’s Secure Enclave
  33. Oracle plans to drop Java serialization support, the source of most security bugs
  34. Pwned Passwords in practice: real world examples of blocking the worst passwords
  35. Google Pixel 2 devices implement insider attack resistance
  36. Remote authentication GeoFeasibility tool – GeoLogonalyzer
  37. iOS 11.4.1 Beta: USB Restricted Mode has arrived
  38. An outage on 1.1.1.1 resolver service

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
