IT Security Weekend Catch Up – March 10, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Trader accused of stealing $3,25 million in Bitcoin and Litecoin
  2. [VIDEO] The fundamentals of aviation cyber security
  3. Does Tor let government peek at vulnerabilities?
  4. It’s time to ditch SMS 2-factor verification
  5. American startup promises to unlock iPhone X for the feds
  6. Cellebrite Arms Forensic Examiners with new capabilities
  7. APT coverage in the media is not a complete picture of the real conflict in the cyber domain
  8. MoviePass app tracks users’ location before and after movies
  9. Oral history of the LØpht Heavy Industries
  10. Ukraine sentences two citizens for DDoS extortion campaigns
  11. Leaked files show how the NSA tracks other countries’ hackers
  12. Fraudsters jailed for £37m copycat web scam
  13. UK company linked to laundered Bitcoin billions
  14. Hackers are trading hundreds of thousands of xHamster porn account details
  15. Hackers stole 860,000 euros from 32 ATMs in just one night
  16. Feds bust CEO allegedly selling custom BlackBerry phones to Sinaloa drug cartel
  17. Mazda cars could be vulnerable to a privacy-invading attack
  18. What is your bank’s security banking on?
  19. American and Russian hackers on the same server in China

For the more technical

  1. Eavesdropping on WiFi Baby Monitor
  2. Intercepting Belgian eID traffic with Burp Suite
  3. A measurement analysis of Silk Road
  4. New ComboJack malware alters clipboards to steal cryptocurrency
  5. Gaining domain admin from outside Active Directory
  6. Bypassing Google’s authentication to access their Internal Admin panels
  7. New DDoS record is now 1.7 Tbps
  8. Critical vulnerability in Spring Data REST
  9. GPG Reaper – method for obtaining GPG private keys from gpg-agent memory
  10. Patches to mitigate Meltdown and Spectre have been problematic
  11. Wire application-level security audits
  12. Database leak in one of the biggest Swiss hosting providers
  13. NSA’s perspective on APT landscape (PDF)
  14. Exim off-by-one RCE
  15. The world’s largest repository of historical DNS data
  16. Red team laptop & infrastructure
  17. Researchers bypassed Windows password locks with Cortana voice commands
  18. Gozi leverages Dark Cloud botnet for distribution
  19. Nike website flaw exposed sensitive server data
  20. Vulnerability affecting MainWP Child WordPress plugin
  21. What it takes to break an encryption
  22. Cryptocurrency scams on Android (PDF)
  23. Defending against password spray attacks in Azure AD and ADFS
  24. Flash dumping
  25. Three ways to hack an ATM
  26. Android apps infected with Windows malware found on Google Play
  27. Analysis of the incident in Lithuania (PDF)
  28. The EITest campaign responsible for traffic distribution
  29. Stored XSS and SSRF in Google’s Dataset Publishing tools
  30. Hardcoded password found in Cisco software
  31. Technique discovered that can mitigate Memcached DDoS attacks
  32. Analysis of Memcached DDoS attacks
  33. Memcached DDoS attackers are demanding a ransom
  34. The real cause of large DDoS – IP spoofing
  35. Windows Defender halted massive Dofoil attack
  36. Password manager maker Keeper has a new problem
  37. More facts about the origin of OlympicDestroyer
  38. PacketLogic devices used to deploy government spyware in Turkey
  39. Hidden Cobra targets Turkish financial sector
  40. Using Russian characters to avoid fake news and plagiarism detectors
  41. Slingshot APT spreads through routers (additional information)
  42. Emirates Airline website doesn’t care about privacy
  43. Getting any Facebook user’s friend list and partial payment card details
  44. Sofacy/APT28 Activity
  45. New traces of Hacking Team in the wild
  46. Cisco 2018 Annual Cybersecurity Report (PDF)
  47. Banking trojan found in over 40 models of low-cost Android smartphones
  48. UEFI security from the perspectives of attacker and defender
  49. ShiOne ransomware case study
  50. How Office 365 protects from modern phishing campaigns
  51. Mobile banking trojans targeting crypto-currencies
  52. Malware steals data directly from the device to hack Facebook accounts
  53. Phishing campaign used 3 separate vectors
  54. CIGslip attack bypasses Microsoft’s Code Integrity Guard
  55. New investigations into the CCleaner incident
  56. Analysis of CRIMEB4NK IRC bot
  57. How “brute checkers” are used to rob your online accounts

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
