IT Security Weekend Catch Up – March 11, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. OUCH! Newsletter: Disposing of your mobile device (PDF)
  2. Thousands face incorrect benefit cuts from automated fraud detector
  3. Hackers sell access to bait-and-switch empire
  4. Marriott data breach has cost the hotel chain only $3 million so far, after insurance
  5. 800+ million emails leaked online by email verification service
  6. Facebook suit reveals Ukrainian hackers used quizzes to take data from 60,000 users
  7. Alphabet’s Chronicle security firm launches Backstory telemetry platform
  8. The prototype iPhones that hackers use to research Apple’s most sensitive code
  9. As phones get harder to hack, zero day vendors hunt for router exploits
  10. WikiLeaks veteran: I ‘cooperated’ with feds ‘in exchange for immunity’
  11. What happened when the FBI took over the Instagram and Kik of a child porn dealer
  12. US tech firms fear China could be spying on them using power cords
  13. How the Cincinnati FBI cracked the Chinese spy case at GE Aviation
  14. As Trump and Kim Met, North Korean hackers hit over 100 targets in U.S. and ally nations
  15. Google employees uncover ongoing work on censored China search

For the more technical

  1. Cisco RV130 – It’s 2019, but yet: strcpyadditional information
  2. Google Chrome web browser vulnerability
  3. Disclosing vulnerabilities to protect users across platforms
  4. SirepRAT – RCE as SYSTEM on Windows IoT Core
  5. Windows Exploit Suggester – Next Generation
  6. Updated analysis of PatchGuard on Microsoft Windows 10 RS4
  7. Zerodium offering big bucks for cloud zero-days
  8. The return of the Equation Editor Exploit – DIFAT overflow
  9. Finding a vulnerability in Windows Servers deployment services
  10. The worst of both worlds: Combining NTLM Relaying and Kerberos delegation
  11. Stopping Drupal’s SA-CORE-2019-003 vulnerability
  12. Facebook exploit – Confirm website visitor identities
  13. Facebook Messenger server random memory exposure through corrupted GIF image
  14. Facebook Messenger bug revealed who you had conversations with
  15. Finding and exploiting CVE-2018–7445 (unauthenticated RCE in MikroTik’s RouterOS SMB)
  16. Horizontal Privilege Escalation on Quora which can compromise all users on Quora
  17. Playing with CloudGoat: hacking AWS with Pacu
  18. MarioNet: Abusing web browsersfor persistent and stealthy computation (PDF)
  19. Hundreds of vulnerable Docker hosts exploited by cryptocurrency miners
  20. Android TV bug gave users access to strangers’ Google Photos
  21. Reversing, analyzing, and attacking Google’s ‘nearby connections’ on Android
  22. Android messaging: A few bugs short of a chain
  23. Gaining domain admin due to a typo
  24. SPOILER: Speculative load hazards boost Rowhammer and cache attacks (PDF)
  25. Google reveals “high severity” flaw in macOS kernel
  26. Google reveals BuggyCow, a rare macOS zero-day vulnerability
  27. MacOS Malware Pedia
  28. The supreme backdoor factory
  29. New SLUB backdoor uses GitHub, communicates via Slack
  30. Financial cyberthreats in 2018
  31. Fileless banking trojan targeting Brazilian banks downloads possible botnet capability
  32. Analysing a massive Office 365 phishing campaign
  33. State of the Bronze Union: A brief snapshot
  34. APT40: Examining a China-nexus espionage actor
  35. Iranian-backed hackers stole data from major U.S. government contractor
  36. Citrix investigating unauthorized access to internal network
  37. Rare look inside command and control of nation-state cyber espionage campaign
  38. Triton: The inside story of the world’s most dangerous malware
  39. ExSpectre: Hiding malware in speculative execution (PDF)
  40. How Pirate Matryoshka, the torrent malware from Pirate Bay, works
  41. Mobile malware evolution 2018
  42. How to find active VPN connection in the memory dump
  43. Hacking ski helmet audio
  44. From hard drive to over-heard drive: Boffins convert spinning rust into eavesdropping mic
  45. Don’t worry about being locked with Loccess
  46. Gone in six seconds? Exploiting car alarms
  47. Firefox to add Tor Browser anti-fingerprinting technique called letterboxing

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *