Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Trader accused of stealing $3,25 million in Bitcoin and Litecoin
- [VIDEO] The fundamentals of aviation cyber security
- Does Tor let government peek at vulnerabilities?
- It’s time to ditch SMS 2-factor verification
- American startup promises to unlock iPhone X for the feds
- Cellebrite Arms Forensic Examiners with new capabilities
- APT coverage in the media is not a complete picture of the real conflict in the cyber domain
- MoviePass app tracks users’ location before and after movies
- Oral history of the LØpht Heavy Industries
- Ukraine sentences two citizens for DDoS extortion campaigns
- Leaked files show how the NSA tracks other countries’ hackers
- Fraudsters jailed for £37m copycat web scam
- UK company linked to laundered Bitcoin billions
- Hackers are trading hundreds of thousands of xHamster porn account details
- Hackers stole 860,000 euros from 32 ATMs in just one night
- Feds bust CEO allegedly selling custom BlackBerry phones to Sinaloa drug cartel
- Mazda cars could be vulnerable to a privacy-invading attack
- What is your bank’s security banking on?
- American and Russian hackers on the same server in China
For the more technical
- Eavesdropping on WiFi Baby Monitor
- Intercepting Belgian eID traffic with Burp Suite
- A measurement analysis of Silk Road
- New ComboJack malware alters clipboards to steal cryptocurrency
- Gaining domain admin from outside Active Directory
- Bypassing Google’s authentication to access their Internal Admin panels
- New DDoS record is now 1.7 Tbps
- Critical vulnerability in Spring Data REST
- GPG Reaper – method for obtaining GPG private keys from gpg-agent memory
- Patches to mitigate Meltdown and Spectre have been problematic
- Wire application-level security audits
- Database leak in one of the biggest Swiss hosting provider
- NSA’s perspective on APT landscape (PDF)
- Exim off-by-one RCE
- The world’s largest repository of historical DNS data
- Red team laptop & infrastructure
- Researchers bypassed Windows password locks with Cortana voice commands
- Gozi leverages Dark Cloud botnet for distribution
- Nike website flaw exposed sensitive server data
- Vulnerability affecting MainWP Child WordPress plugin
- What it takes to break an encryption
- Cryptocurrency scams on Android (PDF)
- Defending against password spray attacks in Azure AD and ADFS
- Flash dumping
- Three ways to hack an ATM
- Android apps infected with Windows malware found on Google Play
- Analysis of the incident in Lithuania (PDF)
- The EITest campaign responsible for traffic distribution
- Stored XSS, and SSRF in Google’s Dataset Publishing tools
- Hardcoded password found in Cisco software
- Technique discovered that can mitigate Memcached DDoS attacks
- Analysis of Memcached DDoS attacks
- Memcached DDoS attackers are asking for a ransom demand
- The real cause of large DDoS – IP spoofing
- Windows Defender halted massive Dofoil attack
- Password manager maker Keeper has a new problem
- More facts about the origin of OlympicDestroyer
- PacketLogic devices used to deploy government spyware in Turkey
- Hidden Cobra targets Turkish financial sector
- Using Russian characters to avoid fake news and plagiarism detectors
- Slingshot APT spreads through routers + additional information
- Emirates Airline website doesn’t care about privacy
- Getting any Facebook user’s friend list and partial payment card details
- Sofacy/APT28 Activity
- New traces of Hacking Team in the wild
- Cisco 2018 Annual Cybersecurity Report (PDF)
- Banking trojan found in over 40 models of low-cost Android smartphones
- UEFI security from the perspectives of attacker and defender
- ShiOne ransomware case study
- How Office 365 protects from modern phishing campaigns
- Mobile banking trojans targeting crypto-currencies
- Malware steals data directly from the device to hack Facebook accounts
- Phishing campaign used 3 separate vectors
- CIGslip attack bypasses Microsoft’s Code Integrity Guard
- New investigations into the CCleaner incident
- Analysis of CRIMEB4NK IRC bot
- How “brute checkers” are used to rob your online accounts
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
1 thought on “IT Security Weekend Catch Up – March 10, 2018”