IT Security Weekend Catch Up – March 24, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Ad tech surveillance on the public sector web (PDF)
  2. Facebook stored hundreds of millions of user passwords in plain text for years
  3. Facebook ruins woman’s attempt to pin crime on her sister
  4. Facebook-Google scammer pleads guilty in $121 million theft
  5. Man arrested for selling one million Netflix, Spotify, Hulu passwords
  6. Flood of 4K James Bond leaks further point to iTunes breach
  7. Why phone numbers stink as identity proof
  8. Nokia firmware blunder sent some user data to China + more information
  9. This spyware data leak is so bad we can’t even tell you about it
  10. Here’s what it’s like to accidentally expose the data of 230M people
  11. Education and science giant Elsevier left users’ passwords exposed online
  12. Buy one device, get data free: Private information remains on donated tech
  13. Hated and hunted – the perilous life of the computer virus cracker
  14. Alleged child porn lord faces US extradition
  15. DDoS-for-hire crackdown leads to 85% drop in attack sizes
  16. How hackers pulled off a $20 million Mexican bank heist
  17. UK code breakers drop Bombe, Enigma and Typex simulators onto the web for all to try
  18. Russia blocks encrypted email provider ProtonMail
  19. Former Chinese naval officer recounts how he procured aircraft technology for regime
  20. 1,600 hotel guests secretly live streamed to 4,000+ subscribers
  21. Leaker, liar, hacker, hoaxer: The Russian contractor who infiltrated Anonymous
  22. Russian hackers are targeting European governments ahead of May election

For the more technical

  1. Test of software for online banking protection
  2. Pwn2Own Vancouver 2019: Day one results
  3. Pwn2Own Vancouver 2019: Day two results
  4. Pwn2Own Vancouver 2019: Wrapping up and rolling out
  5. Google, Microsoft work together for a year to figure out new type of Windows flaw
  6. CVE-2019-0604: Details of a Microsoft SharePoint RCE vulnerability
  7. CVE-2019-5786: Analysis & exploitation of the recently patched Chrome vulnerability
  8. RCE on Steam Client via buffer overflow in Server Info
  9. PuTTY releases important software update to patch 8 high-severity flaws
  10. Many vulnerabilities discovered in Moxa industrial switches
  11. IPv6 unmasking via UPnP
  12. Over 100,000 GitHub repos have leaked API or cryptographic keys
  13. Now-patched Google Photos vulnerability let hackers track your friends and location history
  14. Discovering a zero day and getting code execution on Mozilla’s AWS Network
  15. Metallurgical giant Norsk Hydro attacked by encrypting malware
  16. Ransomware or wiper? LockerGoga straddles the line
  17. What you need to know about the LockerGoga ransomware
  18. Ransomware forces two chemical companies to order ‘hundreds of new computers’
  19. Triton is the world’s most murderous malware, and it’s spreading
  20. AZORult++: Rewriting history
  21. GlitchPOS: New PoS malware for sale
  22. New Ursnif variant targets Japan packed with new features
  23. Shlayer purveyor VeryMal renounces steganography in favor of Google Firebase
  24. From fileless techniques to using steganography: Examining Powload’s evolution
  25. Dissecting a NETWIRE phishing campaign’s usage of process hollowing
  26. A study of RATs: Third timeline iteration
  27. FIN7 revisited: Inside Astra panel and SQLRat malware
  28. Clustering and associating attacker activity at scale
  29. PewDiePie fans keep making junk ransomware + Decrypter for PewCrypt
  30. A free decrypter for BigBobRoss ransomware
  31. Mimicking native iOS behavior in Facebook phishing campaign
  32. Spam warns about Boeing 737 Max crashes while pushing malware
  33. This giant ad fraud scheme drained users’ data by running hidden video ads in Android apps
  34. New Mirai variant targets enterprise wireless presentation & display systems
  35. Some Android VPN apps request access to sensitive permissions they don’t need
  36. Breaking the bank: Weakness in financial AI applications
  37. Keep data secure with Gmail confidential mode (beta)
  38. Practical advice for earning higher Microsoft bounty awards

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
