Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- UN aviation agency concealed serious hack
- Russian hacker who used Neverquest malware to steal money pleads guilty
- Booter boss interviewed in 2014 pleads guilty
- Former Russian cybersecurity chief sentenced to 22 years in prison
- Bank customers hit by dozens of IT shutdowns
- Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
- Content analysis of cyber insurance policies: how do carriers price cyber risk?
- Crypto mining service Coinhive to call it quits
- U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms
- Court records reveal a Mueller report right in plain view
- Cartel was smuggling meth into Canada in Ford cars built in Mexico
- An IT whizkid accused of $17million dark web drug ring has home, cash seized
- The feds’ favorite iPhone hacking tool is selling on eBay for $100—and it’s leaking data
- Payroll provider gives extortionists a payday
- Former Hacking Team members are now spying on the blockchain for Coinbase
- First hacker millionaire on HackerOne
- Five of the top bug bounty platforms
For the more technical
- PDF samples tracking users who use Google Chrome as local PDF viewer
- Adobe Reader – PDF callback via XSLT stylesheet in XFA
- Researchers break digital signatures for most desktop PDF viewers + technical description
- Thunderbolt vulnerabilities leave computers wide-open (PDF)
- Is CVE-2019-7287 hidden in ProvInfoIOKitUserClient?
- Latest Drupal RCE flaw used by cryptocurrency miners and other attackers
- SHAREit multiple vulnerabilities enable unrestricted access to adjacent devices’ files
- Analyzing a Windows DHCP server bug (CVE-2019-0626)
- Cisco: Patch routers now against massive 9.8/10-severity security hole
- CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER)
- Bypassing Duo two-factor authentication
- Bypass Windows Defender Attack Surface Reduction
- Analyzing WordPress remote code execution vulnerabilities
- Chain of hacks leading to database compromise
- New flaws in 4G, 5G allow attackers to intercept calls and track phone locations
- Supermicro hardware weaknesses let researchers backdoor an IBM cloud server + more information
- The missing security primer for bare metal cloud services
- How to attack and defend a prosthetic arm
- New global attack on Point of Sale systems
- Into the web of profit (PDF) + summary
- DDoS attacks in Q4 2018
- Why DNSSEC should matter to activists
- Tracking my phone’s silent connections
- Identifying Cobalt Strike team servers in the wild
- New variant of Qbot banking malware
- Pragmatic political campaign security
- Hacking group using Polyglot images to hide malvertising attacks
- Fake browser updates push ransomware and bank malware
- Exposed Docker control API and community image abused to deliver cryptocurrency-mining malware
- Novel phishing scam uses custom web fonts to evade detection
- How a hacking group is stealing popular Instagram profiles
- Cisco Talos honeypot analysis reveals rise in attacks on Elasticsearch clusters
- ICAO victim of a major cyberattack in 2016
- Google Analytics and Angular in Magento credit card stealing scripts
- Magecart Group 4: Never gone, always advancing
- Wireshark 3.0.0 has been released
- Google Play Protect in 2018: New updates to keep Android users secure
- Android Security Improvement update
- Lessons learned from the Microsoft SOC—Part 1: Organization
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – March 3, 2019”