Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We’ll try to keep it alive!
For the less technical
- The dark web’s favorite currency is less untraceable than it seems
- [AUDIO] Why Russia “hacks” elections: a spy’s-eye view
- Brute force attack known as password spraying against organizations in the United States
- Mastermind behind EUR 1 billion cyber bank robbery arrested in Spain
- Boeing possibly hit by ‘WannaCry’ malware attack
- Improving credential abuse threat mitigation
- The hilarious ways algorithms have outsmarted their creators
- Working towards a more diverse future in security
For the more technical
- Brian Krebs report on Coinhive
- Angry users donate $120k to cancer research after Brian Krebs’ Coinhive article
- [VIDEO] Tracing stolen bitcoin + PDF
- Hackers are using a 5-year-old vulnerability to mine Monero
- How machine learning detects cryptocurrency-mining malware
- Monero-mining HiddenMiner Android malware can potentially cause device failure
- Microsoft’s Meltdown patch created an even bigger flaw
- Vulnerabilities in Siemens’ building technologies products (PDF)
- Serious vulnerability identified in Beckhoff TwinCAT PLC software solution
- Multiple vulnerabilities identified in the Modicon family of industrial controllers
- Cisco addresses critical remote code execution flaws in IOS XE operating system
- One hash to rule them all: drupalgeddon2 + additional information
- The top 10 vulnerabilities used by cybercriminals
- Apache Struts 2 vulnerability
- Intel CPUs vulnerable to new ‘BranchScope’ attack + PDF
- VPN leaks users’ IPs via WebRTC
- Grindr security flaw exposes users’ location data
- Life cycle of a web app 0day
- From hacked client to 0day discovery
- Arbitrary files upload in Amazon Go
- Side-channel information leakage in mobile applications
- Omitting the “o” in .com could be costly
- Suspicious likes lead to researcher lighting up a 22,000-strong botnet on Twitter
- Taking down Gooligan – part 1, 2 & 3
- An analysis of 24 hours of Internet attacks using honeypots (PDF)
- Threat landscape for industrial automation systems in H2 2017
- Overview of MuddyWater
- Lazarus group targets more cryptocurrency exchanges and FinTech companies
- ChessMaster adds updated tools to its arsenal
- GoScanSSH malware targets SSH servers
- The number of new malware types continued rising
- An in-depth malware analysis of QuantLoader
- Panda Banker zeros in on Japanese targets
- In-depth Formbook malware analysis
- Fauxpersky malware poses as Kaspersky antivirus
- Windows IRC bot in the wild
- Pingu Cleans Up: subscription scam on Google Play
- A document that could (supposedly) only be read with Office Professional
- Portable Executable File corruption preventing malware from running
- Getting to know Cloud Armor – defense at scale for internet-facing services
- The last Windows XP security white paper
- What’s broken in iOS for iPhone X
- Qubes OS 4.0 has been released
- LKRG 0.2 was just released
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
One thought on “IT Security Weekend Catch Up – March 30, 2018”