Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Trader accused of stealing $3,25 million in Bitcoin and Litecoin
- [VIDEO] The fundamentals of aviation cyber security
- Does Tor let government peek at vulnerabilities?
- It’s time to ditch SMS 2-factor verification
- American startup promises to unlock iPhone X for the feds
- Cellebrite Arms Forensic Examiners with new capabilities
- APT coverage in the media is not a complete picture of the real conflict in the cyber domain
- MoviePass app tracks users’ location before and after movies
- Oral history of the LØpht Heavy Industries
- Ukraine sentences two citizens for DDoS extortion campaigns
- Leaked files show how the NSA tracks other countries’ hackers
- Fraudsters jailed for £37m copycat web scam
- UK company linked to laundered Bitcoin billions
- Hackers are trading hundreds of thousands of xHamster porn account details
- Hackers stole 860,000 euros from 32 ATMs in just one night
- Feds bust CEO allegedly selling custom BlackBerry phones to Sinaloa drug cartel
- Mazda cars could be vulnerable to a privacy-invading attack
- What is your bank’s security banking on?
- American and Russian hackers on the same server in China
For the more technical
- Eavesdropping on WiFi Baby Monitor
- Intercepting Belgian eID traffic with Burp Suite
- A measurement analysis of Silk Road
- New ComboJack malware alters clipboards to steal cryptocurrency
- Gaining domain admin from outside Active Directory
- Bypassing Google’s authentication to access their Internal Admin panels
- New DDoS record is now 1.7 Tbps
- Critical vulnerability in Spring Data REST
- GPG Reaper – method for obtaining GPG private keys from gpg-agent memory
- Patches to mitigate Meltdown and Spectre have been problematic
- Wire application-level security audits
- Database leak in one of the biggest Swiss hosting provider
- NSA’s perspective on APT landscape (PDF)
- Exim off-by-one RCE
- The world’s largest repository of historical DNS data
- Red team laptop & infrastructure
- Researchers bypassed Windows password locks with Cortana voice commands
- Gozi leverages Dark Cloud botnet for distribution
- Nike website flaw exposed sensitive server data
- Vulnerability affecting MainWP Child WordPress plugin
- What it takes to break an encryption
- Cryptocurrency scams on Android (PDF)
- Defending against password spray attacks in Azure AD and ADFS
- Flash dumping
- Three ways to hack an ATM
- Android apps infected with Windows malware found on Google Play
- Analysis of the incident in Lithuania (PDF)
- The EITest campaign responsible for traffic distribution
- Stored XSS, and SSRF in Google’s Dataset Publishing tools
- Hardcoded password found in Cisco software
- Technique discovered that can mitigate Memcached DDoS attacks
- Analysis of Memcached DDoS attacks
- Memcached DDoS attackers are asking for a ransom demand
- The real cause of large DDoS – IP spoofing
- Windows Defender halted massive Dofoil attack
- Password manager maker Keeper has a new problem
- More facts about the origin of OlympicDestroyer
- PacketLogic devices used to deploy government spyware in Turkey
- Hidden Cobra targets Turkish financial sector
- Using Russian characters to avoid fake news and plagiarism detectors
- Slingshot APT spreads through routers + additional information
- Emirates Airline website doesn’t care about privacy
- Getting any Facebook user’s friend list and partial payment card details
- Sofacy/APT28 Activity
- New traces of Hacking Team in the wild
- Cisco 2018 Annual Cybersecurity Report (PDF)
- Banking trojan found in over 40 models of low-cost Android smartphones
- UEFI security from the perspectives of attacker and defender
- ShiOne ransomware case study
- How Office 365 protects from modern phishing campaigns
- Mobile banking trojans targeting crypto-currencies
- Malware steals data directly from the device to hack Facebook accounts
- Phishing campaign used 3 separate vectors
- CIGslip attack bypasses Microsoft’s Code Integrity Guard
- New investigations into the CCleaner incident
- Analysis of CRIMEB4NK IRC bot
- How “brute checkers” are used to rob your online accounts
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Amazing website with awesome content. Running my own blog in antivirus I really appreciate other sources of information like yours. Thanks!