Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- Adrian Lamo, ‘homeless hacker’ who turned in Chelsea Manning, dead at 37
- Big Data Gate
  - How Trump Consultants Exploited the Facebook Data of Millions
  - 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
  - [VIDEO] Cambridge Analytica whistleblower
  - Mark Zuckerberg breaks silence on Cambridge Analytica
  - Who is Dr Aleksandr Kogan, the Cambridge academic accused of misusing Facebook data
  - Every Facebook app collected users’ personal data
- Level 3 technician’s misstep causes largest outage ever reported
- Orbitz says legacy travel site likely hacked, affecting 880k
- Kaspersky’s ‘Slingshot’ report burned an ISIS-focused intelligence operation
- Nine Iranians indicted by US for hacking to steal research data + FBI’s wanted list
- Telegram loses bid to block Russia from encryption keys
- Some people repeatedly win the Wisconsin Lottery. Do they play fair?
- The ‘Breaking Bad’ student gang who sold $1m worth of drugs over the ‘dark web’
- Reddit just banned /r/DarkNetMarkets – biggest darknet subreddit
- Pirate websites expose users to more malware
- Protecting security researchers at Dropbox
- Kaspersky Lab plans Swiss data center
For the more technical
- A bug in Cloudflare’s Auto Minify service
- Initial AMD technical assessment of CTS Labs research
- Siemens patches DoS flaws in industrial products (PDF)
- Drupal 7 and 8 core highly critical release
- Thousands of etcd servers are openly sharing credentials
- Windows Remote Assistance XXE vulnerability
- A beautiful exploit chain on GitHub Enterprise
- Breaking the Ledger security model
- Ethereum account balance manipulation
- Recovering plaintext passwords from Azure virtual machines
- Facebook scraped call, text message data for years from Android phones
- Leaking Facebook internal IP infrastructure
- TeleRAT: Android trojan leveraging Telegram’s Bot API to target Iranian users
- Reversing iBank trojan
- New Fakebank variant intercepts calls to connect banking users to scammers
- TrickBot banking trojan adapts with new module
- Dofoil trojan with coin-miner
- Glupteba is no longer part of Windigo
- Pop-up ads are helping distribute botnets, cryptocurrency miners and ransomware
- Sigma ransomware resurfaces following a three-month disappearance
- Sanny malware delivery method updated in recently observed attacks
- URL shortcut files abused to deliver malware
- Cryptocurrency miner distributed via PHP vulnerability, targets Linux servers
- How long does it take for a MongoDB to be compromised
- GitHub hosts infostealer – part 1 & 2
- Oracle EBS password decryption scheme
- Dynamic analysis of iOS apps without Jailbreak
- Online sandboxing services as a data exfiltration intermediary (PDF)
- Gaining filesystem access via blind OOB XXE
- Strategies in ransomware for robots
- New R2D2 technique protects files against wiper malware
- Introducing Certificate Transparency and Nimbus
- Energetic DragonFly DYMALLOY Bear 2.0
- Watering hole attack on leading Hong Kong telecom site exploiting Flash flaw
- Scarlett Johansson’s picture got PostgreSQL database to start mining monero
- Happy New Year wishes from China
- APT attacks targeting financial institutions (PDF)
- Assessing the cyber readiness of the Middle East’s oil and gas sector
- Q4 2017 global DDoS threat landscape report
One thought on “IT Security Weekend Catch Up – March 26, 2018”