IT Security Weekend Catch Up – March 3, 2019

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. UN aviation agency concealed serious hack
  2. Russian hacker who used Neverquest malware to steal money pleads guilty
  3. Booter boss interviewed in 2014 pleads guilty
  4. Former Russian cybersecurity chief sentenced to 22 years in prison
  5. Bank customers hit by dozens of IT shutdowns
  6. Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
  7. Content analysis of cyber insurance policies: how do carriers price cyber risk?
  8. Crypto mining service Coinhive to call it quits
  9. U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms
  10. Court records reveal a Mueller report right in plain view
  11. Cartel was smuggling meth into Canada in Ford cars built in Mexico
  12. An IT whizkid accused of $17million dark web drug ring has home, cash seized
  13. The feds’ favorite iPhone hacking tool is selling on eBay for $100—and it’s leaking data
  14. Payroll provider gives extortionists a payday
  15. Former Hacking Team members are now spying on the blockchain for Coinbase
  16. First hacker millionaire on HackerOne
  17. Five of the top bug bounty platforms

For the more technical

  1. PDF samples tracking users who use Google Chrome as local PDF viewer
  2. Adobe Reader – PDF callback via XSLT stylesheet in XFA
  3. Researchers break digital signatures for most desktop PDF viewers + technical description
  4. Thunderbolt vulnerabilities leave computers wide-open (PDF)
  5. Is CVE-2019-7287 hidden in ProvInfoIOKitUserClient?
  6. Latest Drupal RCE flaw used by cryptocurrency miners and other attackers
  7. SHAREit multiple vulnerabilities enable unrestricted access to adjacent devices’ files
  8. Analyzing a Windows DHCP server bug (CVE-2019-0626)
  9. Cisco: Patch routers now against massive 9.8/10-severity security hole
  10. CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER)
  11. Bypassing Duo two-factor authentication
  12. Bypass Windows Defender Attack Surface Reduction
  13. Analyzing WordPress remote code execution vulnerabilities
  14. Chain of hacks leading to database compromise
  15. New flaws in 4G, 5G allow attackers to intercept calls and track phone locations
  16. Supermicro hardware weaknesses let researchers backdoor an IBM cloud server + more information
  17. The missing security primer for bare metal cloud services
  18. How to attack and defend a prosthetic arm
  19. New global attack on Point of Sale systems
  20. Into the web of profit (PDF) + summary
  21. DDoS attacks in Q4 2018
  22. Why DNSSEC should matter to activists
  23. Tracking my phone’s silent connections
  24. Identifying Cobalt Strike team servers in the wild
  25. New variant of Qbot banking malware
  26. Pragmatic political campaign security
  27. Hacking group using Polyglot images to hide malvertising attacks
  28. Fake browser updates push ransomware and bank malware
  29. Exposed Docker control API and community image abused to deliver cryptocurrency-mining malware
  30. Novel phishing scam uses custom web fonts to evade detection
  31. How a hacking group is stealing popular Instagram profiles
  32. Cisco Talos honeypot analysis reveals rise in attacks on Elasticsearch clusters
  33. ICAO victim of a major cyberattack in 2016
  34. Google Analytics and Angular in Magento credit card stealing scripts
  35. Magecart Group 4: Never gone, always advancing
  36. Wireshark 3.0.0 has been released
  37. Google Play Protect in 2018: New updates to keep Android users secure
  38. Android Security Improvement update
  39. Lessons learned from the Microsoft SOC—Part 1: Organization

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *