Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- OUCH! Security Awareness Newsletter (PDF)
- Tricks that cybercriminals use to hide in your phone
- Nude videos of Dutch Women’s Handball Team leaked
- The Dutch Data Protection Authority accidentally leaked its employees’ data
- How Equifax kept its mega breach secret from its own staff + additional information
- Researcher who stopped WannaCry
- How American tech help Turkey spy in Syria
- Chinese police are using smart glasses to identify potential suspects
- Facebook quietly hid webpages bragging about ability to influence elections
- Russian pleads guilty to aiding massive hacks in U.S.
- U.S. sanctions Russians for alleged election meddling + additional information
- Russian hackers attacked U.S. Aviation
- Saudi Arabia cyber attack goal was chemical plant explosion
- ENISA has established Transport Resilience and Security Expert Group
- China to bar people with bad social credit from planes, trains
- Narco Sub developments and trends
For the more technical
- Android Security 2017 Year In Review (PDF)
- Microsoft Security Intelligence Report is now available
- Critical security vulnerabilities in AMD processors (PDF)
- Controversies about the AMD backdoor
- CTS Labs responds to allegations
- Microsoft March 2018 Patch Tuesday
- Samba patches two critical vulnerabilities
- Serious flaws affect ManageEngine Applications Manager
- Cisco Prime Collaboration Provisioning hard-coded password vulnerability
- Several privacy-busting bugs found in popular VPN services
- MikroTik RouterOS SMB buffer overflow
- Mitigating speculative execution side channel hardware vulnerabilities
- Microsoft willing to pay up to $250,000 for Meltdown and Spectre exploits
- Detecting attacks that exploit Meltdown and Spectre with performance counters
- Pwn2Own 2018 results – day one (March 14), day two (March 15)
- Data exfiltration technique steals data from PCs using speakers, headphones
- DJI Spark hijacking
- Analysis of a Kubernetes hack
- Master password in Firefox or Thunderbird doesn’t improve security considerably
- Scanning the Alexa Top 1M for .DS_Store files
- LNK file in Startup folder can spawn arbitrary file/command
- Google tricked into serving scam Amazon ads
- Early memcached DDoS attack precursors and ransom notes
- Tropic Trooper’s new strategy
- An analysis of RoyalCli and RoyalDNS by APT15
- Donot Team leverages new modular malware framework in South Asia
- Sofacy uses DealersChoice to target European government agency
- OceanLotus ships new backdoor using old tricks
- Targeted attacks in the Middle East + additional information
- Russian government cyber activity targeting critical infrastructure sectors
- Chinese cyber espionage group targeting U.S. engineering and maritime industries
- How your Ethereum can be stolen through DNS rebinding
- Poisoned Torrent client triggered coin miner outbreak
- Dangerous malware stealing bitcoin hosted on Download.com for years
- A cryptocurrency miner in the Mac App Store + technical description
- New Monero mining malware discovered in Google Play
- IOTA signatures, private keys and address reuse
- The increasing threat of cryptocurrency miners
- Let’s Encrypt takes free wildcard certificates live
- Protecting against HSTS abuse
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – March 18, 2018”