IT Security Weekend Catch Up – March 10, 2018

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

1. Trader accused of stealing $3,25 million in Bitcoin and Litecoin
2. [VIDEO] The fundamentals of aviation cyber security
3. Does Tor let government peek at vulnerabilities?
4. It’s time to ditch SMS 2-factor verification
5. American startup promises to unlock iPhone X for the feds
6. Cellebrite Arms Forensic Examiners with new capabilities
7. APT coverage in the media is not a complete picture of the real conflict in the cyber domain
8. MoviePass app tracks users’ location before and after movies
9. Oral history of the LØpht Heavy Industries
10. Ukraine sentences two citizens for DDoS extortion campaigns
11. Leaked files show how the NSA tracks other countries’ hackers
12. Fraudsters jailed for £37m copycat web scam
13. UK company linked to laundered Bitcoin billions
14. Hackers are trading hundreds of thousands of xHamster porn account details
15. Hackers stole 860,000 euros from 32 ATMs in just one night
16. Feds bust CEO allegedly selling custom BlackBerry phones to Sinaloa drug cartel
17. Mazda cars could be vulnerable to a privacy-invading attack
18. What is your bank’s security banking on?
19. American and Russian hackers on the same server in China

For the more technical

1. Eavesdropping on WiFi Baby Monitor
2. Intercepting Belgian eID traffic with Burp Suite
3. A measurement analysis of Silk Road
4. New ComboJack malware alters clipboards to steal cryptocurrency
5. Gaining domain admin from outside Active Directory
6. Bypassing Google’s authentication to access their Internal Admin panels
7. New DDoS record is now 1.7 Tbps
8. Critical vulnerability in Spring Data REST
9. GPG Reaper – method for obtaining GPG private keys from gpg-agent memory
10. Patches to mitigate Meltdown and Spectre have been problematic
11. Wire application-level security audits
12. Database leak in one of the biggest Swiss hosting provider
13. NSA’s perspective on APT landscape (PDF)
14. Exim off-by-one RCE
15. The world’s largest repository of historical DNS data
16. Red team laptop & infrastructure
17. Researchers bypassed Windows password locks with Cortana voice commands
18. Gozi leverages Dark Cloud botnet for distribution
19. Nike website flaw exposed sensitive server data
20. Vulnerability affecting MainWP Child WordPress plugin
21. What it takes to break an encryption
22. Cryptocurrency scams on Android (PDF)
23. Defending against password spray attacks in Azure AD and ADFS
24. Flash dumping
25. Three ways to hack an ATM
26. Android apps infected with Windows malware found on Google Play
27. Analysis of the incident in Lithuania (PDF)
28. The EITest campaign responsible for traffic distribution
29. Stored XSS, and SSRF in Google’s Dataset Publishing tools
30. Hardcoded password found in Cisco software
31. Technique discovered that can mitigate Memcached DDoS attacks
32. Analysis of Memcached DDoS attacks
33. Memcached DDoS attackers are asking for a ransom demand
34. The real cause of large DDoS – IP spoofing
35. Windows Defender halted massive Dofoil attack
36. Password manager maker Keeper has a new problem
37. More facts about the origin of OlympicDestroyer
38. PacketLogic devices used to deploy government spyware in Turkey
39. Hidden Cobra targets Turkish financial sector
40. Using Russian characters to avoid fake news and plagiarism detectors
41. Slingshot APT spreads through routers + additional information
42. Emirates Airline website doesn’t care about privacy
43. Getting any Facebook user’s friend list and partial payment card details
44. Sofacy/APT28 Activity
45. New traces of Hacking Team in the wild
46. Cisco 2018 Annual Cybersecurity Report (PDF)
47. Banking trojan found in over 40 models of low-cost Android smartphones
48. UEFI security from the perspectives of attacker and defender
49. ShiOne ransomware case study
50. How Office 365 protects from modern phishing campaigns
51. Mobile banking trojans targeting crypto-currencies
52. Malware steals data directly from the device to hack Facebook accounts
53. Phishing campaign used 3 separate vectors
54. CIGslip attack bypasses Microsoft’s Code Integrity Guard
55. New investigations into the CCleaner incident
56. Analysis of CRIMEB4NK IRC bot
57. How “brute checkers” are used to rob your online accounts

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.